3355bd5811f8e830210ca811373a4d0cee43cc4ee97b68088a2c9bb6b6623743

Analysis

max time kernel
118s
max time network
121s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
12/02/2024, 12:20

Target

972374ec37c797265f3bd3bf9f9bc25c.dll
Size

30KB
MD5

972374ec37c797265f3bd3bf9f9bc25c
SHA1

09d25f2674f6d1d6e8701637e736eaf76fb85339
SHA256

3355bd5811f8e830210ca811373a4d0cee43cc4ee97b68088a2c9bb6b6623743
SHA512

57386ade7deda0413ee49ac4d837e398705c4491eac08ca42b6a7bf2a033e84e1cfb428b09d324bee71baa1cb37607d09de8ffd99aac0a23a6e703b69216f6f0
SSDEEP

384:W59+PbhI7kZp9W/TBr2a7eqfPxcrJuTc7WhzYYuULLEEx4d0/A8sIHvnrqt:++ThI7GoJJPxcrJueasYuCT80vswz

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1200 wrote to memory of 2144	1200	regsvr32.exe	28
PID 1200 wrote to memory of 2144	1200	regsvr32.exe	28
PID 1200 wrote to memory of 2144	1200	regsvr32.exe	28
PID 1200 wrote to memory of 2144	1200	regsvr32.exe	28
PID 1200 wrote to memory of 2144	1200	regsvr32.exe	28
PID 1200 wrote to memory of 2144	1200	regsvr32.exe	28
PID 1200 wrote to memory of 2144	1200	regsvr32.exe	28

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\972374ec37c797265f3bd3bf9f9bc25c.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:1200
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\972374ec37c797265f3bd3bf9f9bc25c.dll
  2⤵
  PID:2144

memory/2144-0-0x00000000000C0000-0x00000000000CD000-memory.dmp

Filesize
52KB

Download