bcbf9741cb7ab6917b6b57e85a3f412072cfa6bef4de370bf6adb38fc045d9e1

Analysis

max time kernel
120s
max time network
124s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
12/01/2024, 01:32

Target

551fb0a2cc4091b1bf0f6c517c7aeb6a.dll
Size

43KB
MD5

551fb0a2cc4091b1bf0f6c517c7aeb6a
SHA1

4505b8f25522cdf95dd79b16b2f739fee55b15db
SHA256

bcbf9741cb7ab6917b6b57e85a3f412072cfa6bef4de370bf6adb38fc045d9e1
SHA512

d53151e9f077d00beb0e114006ac265c85b6aa20bb9c3e5c41f1287b03635a1c28161805a1aaf7c1fc762ecffcf620dbb09f70c6f22aadb5d89bf3b2780f1dfa
SSDEEP

768:ECSqWQ1geCiG8Lij9DM6iO5OpBlonnxGVSEUfT63+6XfQ1VFSZmx4jL1:zSqWQGP8LiBA6iGOpBloxGUCO6XY1VF4

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2052 wrote to memory of 2492	2052	regsvr32.exe	28
PID 2052 wrote to memory of 2492	2052	regsvr32.exe	28
PID 2052 wrote to memory of 2492	2052	regsvr32.exe	28
PID 2052 wrote to memory of 2492	2052	regsvr32.exe	28
PID 2052 wrote to memory of 2492	2052	regsvr32.exe	28
PID 2052 wrote to memory of 2492	2052	regsvr32.exe	28
PID 2052 wrote to memory of 2492	2052	regsvr32.exe	28

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\551fb0a2cc4091b1bf0f6c517c7aeb6a.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2052
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\551fb0a2cc4091b1bf0f6c517c7aeb6a.dll
  2⤵
  PID:2492

memory/2492-0-0x0000000000170000-0x0000000000180000-memory.dmp

Filesize
64KB

Download