281741fd66be0b2d9f3a5602f6e0497f83fadf726ea0b0ed71f2d9e9d5f1295b

Analysis

max time kernel
117s
max time network
155s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
29-02-2024 14:36

Target

281741fd66be0b2d9f3a5602f6e0497f83fadf726ea0b0ed71f2d9e9d5f1295b.dll
Size

402KB
MD5

3026c4dd29a509daab924d15664ad955
SHA1

9f82c30c76b5239dbdf4b969f42612cdd708d075
SHA256

281741fd66be0b2d9f3a5602f6e0497f83fadf726ea0b0ed71f2d9e9d5f1295b
SHA512

9491ae95a4e8d2c2e481815edfd9a422b95f0bf4d3aea902ce54e7702255dc63c3e1eacba81ad37c8489c2065b00d6954080b76c670990f07992b684b6227577
SSDEEP

6144:EVWAE0IMoNmL7x4SVpSabPTeboxqoTkEaWran:JFNmLKSVpJbPT+4xr6

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

regsvr32.exe

description	pid	process	target process
PID 1712 wrote to memory of 1640	1712	regsvr32.exe	regsvr32.exe
PID 1712 wrote to memory of 1640	1712	regsvr32.exe	regsvr32.exe
PID 1712 wrote to memory of 1640	1712	regsvr32.exe	regsvr32.exe
PID 1712 wrote to memory of 1640	1712	regsvr32.exe	regsvr32.exe
PID 1712 wrote to memory of 1640	1712	regsvr32.exe	regsvr32.exe
PID 1712 wrote to memory of 1640	1712	regsvr32.exe	regsvr32.exe
PID 1712 wrote to memory of 1640	1712	regsvr32.exe	regsvr32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\281741fd66be0b2d9f3a5602f6e0497f83fadf726ea0b0ed71f2d9e9d5f1295b.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:1712

C:\Windows\SysWOW64\regsvr32.exe
/s C:\Users\Admin\AppData\Local\Temp\281741fd66be0b2d9f3a5602f6e0497f83fadf726ea0b0ed71f2d9e9d5f1295b.dll
2⤵
PID:1640

memory/1640-0-0x0000000010000000-0x0000000010067000-memory.dmp

Filesize
412KB

Download
memory/1640-1-0x0000000010000000-0x0000000010067000-memory.dmp

Filesize
412KB

Download