477c0e835f54f533908959c2f69c95f2fbb602cb8ecb9d9c8ac21e7fe2c5e50b

Analysis

max time kernel
119s
max time network
119s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
12-01-2024 04:50

Target

5588a59f273f12ad1ef22b81fb2749b2.dll
Size

48KB
MD5

5588a59f273f12ad1ef22b81fb2749b2
SHA1

a50d00bc05e1cdc3b08c2b1129558b6e6740117f
SHA256

477c0e835f54f533908959c2f69c95f2fbb602cb8ecb9d9c8ac21e7fe2c5e50b
SHA512

3f4b9d993b042d78db714d8c978ec5dfe13b1f95575d4740aeee71624e8299c6daef376cdb4f44d04efa6e9f7ab3f6cf170b4850f77e49291c061502ff987104
SSDEEP

768:3p7tT126t032rgLlg2IpdrevYSEbAZsY0jH6faXFJWVMvxYY4jI/IVJCjh:57tTc6r2lghdivYSEkEt1BR4E/Ljh

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1872 wrote to memory of 1912	1872	regsvr32.exe	28
PID 1872 wrote to memory of 1912	1872	regsvr32.exe	28
PID 1872 wrote to memory of 1912	1872	regsvr32.exe	28
PID 1872 wrote to memory of 1912	1872	regsvr32.exe	28
PID 1872 wrote to memory of 1912	1872	regsvr32.exe	28
PID 1872 wrote to memory of 1912	1872	regsvr32.exe	28
PID 1872 wrote to memory of 1912	1872	regsvr32.exe	28

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\5588a59f273f12ad1ef22b81fb2749b2.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:1872
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\5588a59f273f12ad1ef22b81fb2749b2.dll
  2⤵
  PID:1912