3cc446d6a658ce7bdf67387d6df73888b2f5ea0a3955f2c11ebdeaec4d589517

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
27-01-2024 10:45

Target

$TEMP/bibs_work/WMVCORE.dll
Size

4.9MB
MD5

88fba76c3a7eb0f785903de05fb0bd06
SHA1

35f452a43a838cbad695d596b2cad144cc115074
SHA256

8c981acb2673fa80fa39aa2ba9b1916cb9866b5e8f9ec1cc98bc7fed36b49c61
SHA512

f0bfb7e85de0834c3a3a8448ba4d218d28608b3634bed24590a30e91acb51632b01b09f3734547bca383c8d69a8e4c754337fa7d44a274c458fca04d21c29876
SSDEEP

98304:LXIbjOdRTNhVNwb64wmsBtA8x2nKXp8SXUMjR7VOMRf2TYwTkZ0032:jI4T9N/esBO62KSSXU0FVOM8Uwz

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

regsvr32.exe

description	pid	process	target process
PID 2896 wrote to memory of 2424	2896	regsvr32.exe	regsvr32.exe
PID 2896 wrote to memory of 2424	2896	regsvr32.exe	regsvr32.exe
PID 2896 wrote to memory of 2424	2896	regsvr32.exe	regsvr32.exe
PID 2896 wrote to memory of 2424	2896	regsvr32.exe	regsvr32.exe
PID 2896 wrote to memory of 2424	2896	regsvr32.exe	regsvr32.exe
PID 2896 wrote to memory of 2424	2896	regsvr32.exe	regsvr32.exe
PID 2896 wrote to memory of 2424	2896	regsvr32.exe	regsvr32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\$TEMP\bibs_work\WMVCORE.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2896
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\$TEMP\bibs_work\WMVCORE.dll
  2⤵
  PID:2424