bff57ccfbe2690d2b35717379b6c6902270dba122a8d508457124c073eaffd0e

Analysis

max time kernel
119s
max time network
123s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
02-02-2024 15:11

Target

IScript.dll
Size

232KB
MD5

742679327ee56723096eb5aa5928be26
SHA1

20c6d65b0ae8e5e98198cf6dc993c60ada1d6553
SHA256

9fae0665d7b6d21a93a73708249bd44337910cf4f32210c584eda24733cacf7f
SHA512

05fa9e09fa3fd114eb1dbb96f27c680d78a82e318731a81174e68fe559e1d9f1b3565f2e7eff6b838ed41a429fd00577f2bb5885015bc68bb04d0f97c3150bf1
SSDEEP

3072:tn+NO80l7dwCkl9n4G2hxIDXTDooqcQNiplc8uX4jBSa6YTOzDx/iTEJuJIcQVxo:1Ovfb0NiplcYlob1gOHxDQt

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

regsvr32.exe

description	pid	process	target process
PID 2916 wrote to memory of 2804	2916	regsvr32.exe	regsvr32.exe
PID 2916 wrote to memory of 2804	2916	regsvr32.exe	regsvr32.exe
PID 2916 wrote to memory of 2804	2916	regsvr32.exe	regsvr32.exe
PID 2916 wrote to memory of 2804	2916	regsvr32.exe	regsvr32.exe
PID 2916 wrote to memory of 2804	2916	regsvr32.exe	regsvr32.exe
PID 2916 wrote to memory of 2804	2916	regsvr32.exe	regsvr32.exe
PID 2916 wrote to memory of 2804	2916	regsvr32.exe	regsvr32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\IScript.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2916

C:\Windows\SysWOW64\regsvr32.exe
/s C:\Users\Admin\AppData\Local\Temp\IScript.dll
2⤵
PID:2804