e716f240b6054999b3c3c4f469350fde927b8f60e2f5462babbb4cf40e1595c9

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
25-01-2024 17:04

Target

750b034271f9b8231b2d7d34cc70c8a8.dll
Size

71KB
MD5

750b034271f9b8231b2d7d34cc70c8a8
SHA1

7d08bbe11796293b6946080a80929b2331293608
SHA256

e716f240b6054999b3c3c4f469350fde927b8f60e2f5462babbb4cf40e1595c9
SHA512

73e8f95e34ba94b32801909399e10442fb03b491c52ac35b77166522e1823f7404a8e0ecf65ea070dd831047d09b0c20c66deaddedecde603025db3c12752f6a
SSDEEP

1536:UY9H/UGNy1whedO9nyQuJKMoBk35DS8R81bvA76MNTKIiRTswv5:b9HBN/IqyQe3pJN8G7vliR

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

regsvr32.exe

description	pid	process	target process
PID 2940 wrote to memory of 3040	2940	regsvr32.exe	regsvr32.exe
PID 2940 wrote to memory of 3040	2940	regsvr32.exe	regsvr32.exe
PID 2940 wrote to memory of 3040	2940	regsvr32.exe	regsvr32.exe
PID 2940 wrote to memory of 3040	2940	regsvr32.exe	regsvr32.exe
PID 2940 wrote to memory of 3040	2940	regsvr32.exe	regsvr32.exe
PID 2940 wrote to memory of 3040	2940	regsvr32.exe	regsvr32.exe
PID 2940 wrote to memory of 3040	2940	regsvr32.exe	regsvr32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\750b034271f9b8231b2d7d34cc70c8a8.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2940

C:\Windows\SysWOW64\regsvr32.exe
/s C:\Users\Admin\AppData\Local\Temp\750b034271f9b8231b2d7d34cc70c8a8.dll
2⤵
PID:3040