a23284b8dc8f2bd6d9bd55de1552ed035c185bc0af76dbd41427f080bc8ef837

Analysis

max time kernel
119s
max time network
123s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
04/02/2024, 14:51

Target

8f6d7f0f621d069f21f6651a037805be.dll
Size

81KB
MD5

8f6d7f0f621d069f21f6651a037805be
SHA1

bf5446d7220dfd43ebe49f8e81b5c8a8b8a7b750
SHA256

a23284b8dc8f2bd6d9bd55de1552ed035c185bc0af76dbd41427f080bc8ef837
SHA512

bc780999f1386693f0cfdf2c19063b9073945e16a600290b0844b270557c9e55869439844e05001ab2c049133f4c2f472f1bf5dfdc3b84ad138b64fe2dbcc8ab
SSDEEP

1536:mbQ8OC7nTeU0eHgepJWXQZLZNbX2yDGZlsyNuuqvfAzNcyQozA:2YCneU1gepJqGL7XHDGLsyYu+fASyY

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2572 wrote to memory of 2240	2572	regsvr32.exe	28
PID 2572 wrote to memory of 2240	2572	regsvr32.exe	28
PID 2572 wrote to memory of 2240	2572	regsvr32.exe	28
PID 2572 wrote to memory of 2240	2572	regsvr32.exe	28
PID 2572 wrote to memory of 2240	2572	regsvr32.exe	28
PID 2572 wrote to memory of 2240	2572	regsvr32.exe	28
PID 2572 wrote to memory of 2240	2572	regsvr32.exe	28

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\8f6d7f0f621d069f21f6651a037805be.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2572
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\8f6d7f0f621d069f21f6651a037805be.dll
  2⤵
  PID:2240

memory/2240-0-0x00000000001B0000-0x00000000001EF000-memory.dmp

Filesize
252KB

Download