77f5c93c8e566d5b9c334500fc79b0cf3ae898b263018672dc5dcf8c5032ac3e

Analysis

max time kernel
119s
max time network
123s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
18/01/2024, 03:18

Target

64553f0624e8bf15ce433c302905392a.dll
Size

128KB
MD5

64553f0624e8bf15ce433c302905392a
SHA1

a9fd6392eb9350953d09e0fb00ac62606ee20acc
SHA256

77f5c93c8e566d5b9c334500fc79b0cf3ae898b263018672dc5dcf8c5032ac3e
SHA512

5504d9eff9e000c4ed27e4d9bf97d20ea9f3c7b4bc889bc991c3a73b62a620b202eb667510c02d636d461a459fc073be90b3546977b1eb7860d2853e0c5d8cfb
SSDEEP

1536:ryqHQrqzXcoN+2TI+vdaCjYqBZkwuKoR7j3Ju/dkrwKW:l+G1NpNvdSq3kUy7j5WdkrwKW

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2336 wrote to memory of 2728	2336	regsvr32.exe	28
PID 2336 wrote to memory of 2728	2336	regsvr32.exe	28
PID 2336 wrote to memory of 2728	2336	regsvr32.exe	28
PID 2336 wrote to memory of 2728	2336	regsvr32.exe	28
PID 2336 wrote to memory of 2728	2336	regsvr32.exe	28
PID 2336 wrote to memory of 2728	2336	regsvr32.exe	28
PID 2336 wrote to memory of 2728	2336	regsvr32.exe	28

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\64553f0624e8bf15ce433c302905392a.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2336
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\64553f0624e8bf15ce433c302905392a.dll
  2⤵
  PID:2728

memory/2728-0-0x00000000001B0000-0x00000000001D0000-memory.dmp

Filesize
128KB

Download