7ecd436a18f9611c05ddd1632eacf1d60f8082584db3d302524a1b1253ab4385

Analysis

max time kernel
122s
max time network
126s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
27-01-2024 17:21

Target

7ad42243269b5b2dc8bef9fd974747ff.dll
Size

82KB
MD5

7ad42243269b5b2dc8bef9fd974747ff
SHA1

9f3ed77c45e8ac5e8e9042433049543560651ea0
SHA256

7ecd436a18f9611c05ddd1632eacf1d60f8082584db3d302524a1b1253ab4385
SHA512

ac7f4e215004e11679fed7e14240e3d1f7a9396b768eec601a2eeaf7815792da05032c5da7a90c20f31913f4d5544cb31a21d50fb628856a4c50f3c772c93267
SSDEEP

1536:U9fM4ItmqbAv03vL8euSUV62Lf3P77Ohi4IIAVHeXFck+TX0vSJQv712Lt:CEPMGuST2LfDiXa0aev712Lt

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2184 wrote to memory of 2836	2184	regsvr32.exe	28
PID 2184 wrote to memory of 2836	2184	regsvr32.exe	28
PID 2184 wrote to memory of 2836	2184	regsvr32.exe	28
PID 2184 wrote to memory of 2836	2184	regsvr32.exe	28
PID 2184 wrote to memory of 2836	2184	regsvr32.exe	28
PID 2184 wrote to memory of 2836	2184	regsvr32.exe	28
PID 2184 wrote to memory of 2836	2184	regsvr32.exe	28

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\7ad42243269b5b2dc8bef9fd974747ff.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2184
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\7ad42243269b5b2dc8bef9fd974747ff.dll
  2⤵
  PID:2836

memory/2836-0-0x0000000000480000-0x00000000004BF000-memory.dmp

Filesize
252KB

Download