3cb1cd8c166f65a8c6aaa789fb198bd320ec608192e6f22b6a7a8c24615ebbec

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
18/01/2024, 05:39

Target

649ca7554e01cc9f5db2d7f6199312c3.dll
Size

127KB
MD5

649ca7554e01cc9f5db2d7f6199312c3
SHA1

33cc7cd80acfaa1c8853c92ae9e67eed47548db2
SHA256

3cb1cd8c166f65a8c6aaa789fb198bd320ec608192e6f22b6a7a8c24615ebbec
SHA512

0db0fd9990a2d928b812238a145137d979b242f96fe692e037ffbfcdb804b17dcb3350ccaf65807ea777f38c6ba7daf9f5fdd51a0240a548f32c845252c8c0fa
SSDEEP

3072:02ZH6dT4sEB9DiEkMue70DYz6rXmtEY323S8zGQhqysJIU:dZ9fB9rv4vIRIbg/

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2356 wrote to memory of 2384	2356	regsvr32.exe	28
PID 2356 wrote to memory of 2384	2356	regsvr32.exe	28
PID 2356 wrote to memory of 2384	2356	regsvr32.exe	28
PID 2356 wrote to memory of 2384	2356	regsvr32.exe	28
PID 2356 wrote to memory of 2384	2356	regsvr32.exe	28
PID 2356 wrote to memory of 2384	2356	regsvr32.exe	28
PID 2356 wrote to memory of 2384	2356	regsvr32.exe	28

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\649ca7554e01cc9f5db2d7f6199312c3.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2356
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\649ca7554e01cc9f5db2d7f6199312c3.dll
  2⤵
  PID:2384

memory/2384-0-0x00000000001F0000-0x0000000000215000-memory.dmp

Filesize
148KB

Download