a6c1676a64720dd6fd9b5eef36243e079374ae4706f71d04e95881681336bc29

Analysis

max time kernel
119s
max time network
122s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
01/02/2024, 23:55

Target

87ffc92eb50fa3dc397e000052992f5f.dll
Size

87KB
MD5

87ffc92eb50fa3dc397e000052992f5f
SHA1

d0bc47b52adda75f46db2364e7c307cf5f3ceaed
SHA256

a6c1676a64720dd6fd9b5eef36243e079374ae4706f71d04e95881681336bc29
SHA512

373d4b6b5fd89fb9b48572870c9bcaf21b04d3ff1263c5129ac6f146460e401697d1884eb0341b1abbf3ff96103d2edc6e34b08edfcb7111edefc9815ad6926b
SSDEEP

1536:VDiNpUdHBF9jVz3OmwxG6spKeyZ775sz4rbaZo5lXoUn/Bn8xg5iWqUu9pJFrrfG:VONmFBF9Rz3xwxGvKP75szUbt//B8xd2

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1220 wrote to memory of 2840	1220	regsvr32.exe	28
PID 1220 wrote to memory of 2840	1220	regsvr32.exe	28
PID 1220 wrote to memory of 2840	1220	regsvr32.exe	28
PID 1220 wrote to memory of 2840	1220	regsvr32.exe	28
PID 1220 wrote to memory of 2840	1220	regsvr32.exe	28
PID 1220 wrote to memory of 2840	1220	regsvr32.exe	28
PID 1220 wrote to memory of 2840	1220	regsvr32.exe	28

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\87ffc92eb50fa3dc397e000052992f5f.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:1220
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\87ffc92eb50fa3dc397e000052992f5f.dll
  2⤵
  PID:2840

memory/2840-0-0x0000000000130000-0x0000000000173000-memory.dmp

Filesize
268KB

Download