138281cf671428156cf50ceaeb034e5b7f11eab8483823edf53bfb3a7371209b

Analysis

max time kernel
118s
max time network
122s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
18/02/2024, 14:49

Target

138281cf671428156cf50ceaeb034e5b7f11eab8483823edf53bfb3a7371209b.dll
Size

96KB
MD5

a88d49c3f4817c9a6aadc10a750199e0
SHA1

16200f4b417b986554dc48a2747207d02a3b8c98
SHA256

138281cf671428156cf50ceaeb034e5b7f11eab8483823edf53bfb3a7371209b
SHA512

c2b6a5727ec59e8f2b841bcf6face1c63a96ffbacb7a60b0bfa12c7c0ddddf8fef2bea7e2a22005cf917612b341397e1256f25d86375e95c04139b19bf6e2ab1
SSDEEP

1536:XmWZWqYSokH+dKY0UIsF+XoVtzoA1kHVjNg:WWCIxktv1CW

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2976 wrote to memory of 2988	2976	regsvr32.exe	28
PID 2976 wrote to memory of 2988	2976	regsvr32.exe	28
PID 2976 wrote to memory of 2988	2976	regsvr32.exe	28
PID 2976 wrote to memory of 2988	2976	regsvr32.exe	28
PID 2976 wrote to memory of 2988	2976	regsvr32.exe	28
PID 2976 wrote to memory of 2988	2976	regsvr32.exe	28
PID 2976 wrote to memory of 2988	2976	regsvr32.exe	28

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\138281cf671428156cf50ceaeb034e5b7f11eab8483823edf53bfb3a7371209b.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2976
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\138281cf671428156cf50ceaeb034e5b7f11eab8483823edf53bfb3a7371209b.dll
  2⤵
  PID:2988