d1a70ae1fff4af61f0e4ba1502c51d6f5a581ccb18c266084c77ccba4d609ac0

Analysis

max time kernel
121s
max time network
121s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
11/03/2024, 10:15

Target

c05588fddea898d513f5a4600e80d7a3.dll
Size

46KB
MD5

c05588fddea898d513f5a4600e80d7a3
SHA1

4784408bab805875610a49d3de34d1f6f321bbc2
SHA256

d1a70ae1fff4af61f0e4ba1502c51d6f5a581ccb18c266084c77ccba4d609ac0
SHA512

e08a0aaeebc592a9fa3912ef9acb9b93b66a382c712cacd2af4ededabddf7e747ca9f59711026f9ee198f974050a493f761000e42386dd69ba88058204183822
SSDEEP

768:ZmpM8VB5IRtRHZQB1BciHCjMASFujjpZ1HyrugjBgLx4q43DP2uA:Zajy5G1BciHCj/SFydSrugjBeU3DuuA

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2924 wrote to memory of 1108	2924	regsvr32.exe	28
PID 2924 wrote to memory of 1108	2924	regsvr32.exe	28
PID 2924 wrote to memory of 1108	2924	regsvr32.exe	28
PID 2924 wrote to memory of 1108	2924	regsvr32.exe	28
PID 2924 wrote to memory of 1108	2924	regsvr32.exe	28
PID 2924 wrote to memory of 1108	2924	regsvr32.exe	28
PID 2924 wrote to memory of 1108	2924	regsvr32.exe	28

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\c05588fddea898d513f5a4600e80d7a3.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2924
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\c05588fddea898d513f5a4600e80d7a3.dll
  2⤵
  PID:1108

memory/1108-0-0x00000000001E0000-0x00000000001F1000-memory.dmp

Filesize
68KB

Download