04565c14e9bbcb3673f8f3cc0d56f8a722e3a258c6e5afd53e93e7f2152db2a9

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
14/03/2024, 18:37

Target

c952b028c7323de8ba538cc0b2fd9cd9.dll
Size

158KB
MD5

c952b028c7323de8ba538cc0b2fd9cd9
SHA1

260f22ecbbad953ebea9be870a2ae08ea42fa447
SHA256

04565c14e9bbcb3673f8f3cc0d56f8a722e3a258c6e5afd53e93e7f2152db2a9
SHA512

603883932f886fc3315fb586b398eab78fdb3a63e4e91815e2218a15e77dac1d4789ab2cab105843c06e35a46e5ca30fa59f543af3fe3bcfca12518bc15737b3
SSDEEP

1536:VXcyvW4PmSmJfGzF/6WjSkNxnYuzKAVhBwUAvjgRF8zu4dZ14neSfBKHJr44WjSm:WUWImVS5Pr6vkBnAWKp8lr

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2296 wrote to memory of 1264	2296	regsvr32.exe	28
PID 2296 wrote to memory of 1264	2296	regsvr32.exe	28
PID 2296 wrote to memory of 1264	2296	regsvr32.exe	28
PID 2296 wrote to memory of 1264	2296	regsvr32.exe	28
PID 2296 wrote to memory of 1264	2296	regsvr32.exe	28
PID 2296 wrote to memory of 1264	2296	regsvr32.exe	28
PID 2296 wrote to memory of 1264	2296	regsvr32.exe	28

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\c952b028c7323de8ba538cc0b2fd9cd9.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2296
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\c952b028c7323de8ba538cc0b2fd9cd9.dll
  2⤵
  PID:1264

memory/1264-0-0x00000000007F0000-0x0000000000833000-memory.dmp

Filesize
268KB

Download