289feafc9eb420045e7d89d52c7b0386d1fc7307f0e4b6aa11f35d92be5ab98e

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
16/03/2024, 08:18

Target

cd901f47a3aa59118673317d53426290.dll
Size

144KB
MD5

cd901f47a3aa59118673317d53426290
SHA1

a320d2fd67801ec80c96d1bd5a8c9626b6d30373
SHA256

289feafc9eb420045e7d89d52c7b0386d1fc7307f0e4b6aa11f35d92be5ab98e
SHA512

cb1e88e2565de510758b2f991077241b26de70a4f3cad9cdae75842be53496f66709d94b2866c5b84d07c4a1e5fa17a209f2964c6fb35fc9ceb69d5e8bc31a4e
SSDEEP

1536:4vSvGmOa8qvO/2VoFpmGdfb3i8ke61TlUs9wBKPoTk1iatQ2TG1JZqnj5uYTtVsh:S4O/8oFndj41BNuw1iatGJZqj08tVsh

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1660 wrote to memory of 1988	1660	regsvr32.exe	28
PID 1660 wrote to memory of 1988	1660	regsvr32.exe	28
PID 1660 wrote to memory of 1988	1660	regsvr32.exe	28
PID 1660 wrote to memory of 1988	1660	regsvr32.exe	28
PID 1660 wrote to memory of 1988	1660	regsvr32.exe	28
PID 1660 wrote to memory of 1988	1660	regsvr32.exe	28
PID 1660 wrote to memory of 1988	1660	regsvr32.exe	28

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\cd901f47a3aa59118673317d53426290.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:1660
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\cd901f47a3aa59118673317d53426290.dll
  2⤵
  PID:1988