0689fdde5a22c627f36e8e6d7dccb41b14b3ad55a55f9386cbd3a2b361b2396b

Analysis

max time kernel
118s
max time network
121s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
24-02-2024 03:56

Target

a0e2c9290602113968ea1098382fe90e.dll
Size

70KB
MD5

a0e2c9290602113968ea1098382fe90e
SHA1

11064979257ea3394bd471baeda78dd8078ca568
SHA256

0689fdde5a22c627f36e8e6d7dccb41b14b3ad55a55f9386cbd3a2b361b2396b
SHA512

64c94411da2e7e069cf60d261b0720fb7015fad29c623e8a2a18e5f4a814959b54680e62d1ec1c8b1f292c1139d3b78872e39251fe523ddff06be5cf8b8b8186
SSDEEP

768:qkUXbWVGK+JbWANYvlwijqufw0TcKvosbz81tJlGpmfZI45K1xpsZ67VhN:XJVGnJWAolpjq1ylz8bvGC5SsZ67VhN

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1860 wrote to memory of 2088	1860	regsvr32.exe	28
PID 1860 wrote to memory of 2088	1860	regsvr32.exe	28
PID 1860 wrote to memory of 2088	1860	regsvr32.exe	28
PID 1860 wrote to memory of 2088	1860	regsvr32.exe	28
PID 1860 wrote to memory of 2088	1860	regsvr32.exe	28
PID 1860 wrote to memory of 2088	1860	regsvr32.exe	28
PID 1860 wrote to memory of 2088	1860	regsvr32.exe	28

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\a0e2c9290602113968ea1098382fe90e.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:1860
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\a0e2c9290602113968ea1098382fe90e.dll
  2⤵
  PID:2088

memory/2088-0-0x0000000010000000-0x0000000010014000-memory.dmp

Filesize
80KB

Download