a3995c2893496fea18ece5e6c7263d9e56479f80ee7711c87bce861d79faa40f

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
16-03-2024 23:39

Target

af085d32fcd03132b71cad68b7c3f25235d8b8740e46a85f63623e000c28221e.dll
Size

15.1MB
MD5

2f933f7527e61d37807589b9c7b5ae2b
SHA1

20e5bdb644b1c6e23ec02f2b21c863b8b5ab7ea6
SHA256

af085d32fcd03132b71cad68b7c3f25235d8b8740e46a85f63623e000c28221e
SHA512

1bc50117f43a1563b290f302ef19f0a3bd80775c751b32bc15c78e587e21cf440ffaa1e658939338bf95d68677f9ad1f075273c93b7ea7109299c0173f33d560
SSDEEP

196608:xB0ivGTAslgbSYBsnBho/wnBvq+4rMOblxz6qYFS1qY2aubxi58/EUxFFVs8pTwR:xBzvfaEog+4rdbUTFV3wOw

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 3000 wrote to memory of 3020	3000	regsvr32.exe	28
PID 3000 wrote to memory of 3020	3000	regsvr32.exe	28
PID 3000 wrote to memory of 3020	3000	regsvr32.exe	28
PID 3000 wrote to memory of 3020	3000	regsvr32.exe	28
PID 3000 wrote to memory of 3020	3000	regsvr32.exe	28
PID 3000 wrote to memory of 3020	3000	regsvr32.exe	28
PID 3000 wrote to memory of 3020	3000	regsvr32.exe	28

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\af085d32fcd03132b71cad68b7c3f25235d8b8740e46a85f63623e000c28221e.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:3000
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\af085d32fcd03132b71cad68b7c3f25235d8b8740e46a85f63623e000c28221e.dll
  2⤵
  PID:3020

memory/3020-0-0x0000000010000000-0x0000000010F92000-memory.dmp

Filesize
15.6MB

Download
memory/3020-1-0x0000000010000000-0x0000000010F92000-memory.dmp

Filesize
15.6MB

Download
memory/3020-3-0x0000000010000000-0x0000000010F92000-memory.dmp

Filesize
15.6MB

Download
memory/3020-4-0x00000000001F0000-0x00000000001FA000-memory.dmp

Filesize
40KB

Download
memory/3020-5-0x00000000001F0000-0x00000000001FA000-memory.dmp

Filesize
40KB

Download
memory/3020-6-0x00000000001F0000-0x00000000001FA000-memory.dmp

Filesize
40KB

Download
memory/3020-7-0x00000000001F0000-0x00000000001FA000-memory.dmp

Filesize
40KB

Download