58c0ac614aa94152f0c495b2f7b9514fefd7b30bfe883116290d600634c9b240

Analysis

max time kernel
117s
max time network
122s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
16-03-2024 07:56

Target

cd8604d633434a70bf38f347881b6477.dll
Size

86KB
MD5

cd8604d633434a70bf38f347881b6477
SHA1

54b94302c023ca290707c18b5296c6f21d2a1f70
SHA256

58c0ac614aa94152f0c495b2f7b9514fefd7b30bfe883116290d600634c9b240
SHA512

be35d2962870ad2d3d9fd52695fb3ab938ae12d52aba33269798ed13943b2c1f5a15c6fb872149a2cdae1c0be968e4c8ab763505cc049a55a5952456cc280631
SSDEEP

1536:LD4PqCvC6wFFHG63kJwi1TObqQc7Xnsq7gpNjZa84g5HDfKty5iPGBVgAfNuHegM:LtDrFpLNi1TOuv8RZ0895HDfmvAA+gy1

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2020 wrote to memory of 1196	2020	regsvr32.exe	28
PID 2020 wrote to memory of 1196	2020	regsvr32.exe	28
PID 2020 wrote to memory of 1196	2020	regsvr32.exe	28
PID 2020 wrote to memory of 1196	2020	regsvr32.exe	28
PID 2020 wrote to memory of 1196	2020	regsvr32.exe	28
PID 2020 wrote to memory of 1196	2020	regsvr32.exe	28
PID 2020 wrote to memory of 1196	2020	regsvr32.exe	28

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\cd8604d633434a70bf38f347881b6477.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2020
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\cd8604d633434a70bf38f347881b6477.dll
  2⤵
  PID:1196

memory/1196-0-0x00000000001A0000-0x00000000001E3000-memory.dmp

Filesize
268KB

Download