3bfd6e95571f90cb7de842021b8fcfb79f03382b9846c3d5c5c7de77745ca83a

Analysis

max time kernel
121s
max time network
123s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
16/03/2024, 11:32

Target

cdf4ac26f24be4ab729e9db8712ebe6d.dll
Size

154KB
MD5

cdf4ac26f24be4ab729e9db8712ebe6d
SHA1

d08b9bfb38a3fb0bd04f2c1628a0862df7c61c99
SHA256

3bfd6e95571f90cb7de842021b8fcfb79f03382b9846c3d5c5c7de77745ca83a
SHA512

0bb466c98ddfd108a6d98b27d789550c7a1e870b8a97873934a3990dc921d74b443e53d78912742b2f226aed062dbb57379331187b89a5b51dffc777fdbbd5ea
SSDEEP

3072:ttFUF/4J2FUF/4J2FUF/4J2FUF/4J2FUF/4J2FUF/4J2FUF/4J2FUF/4J2FUF/4W:ttFY4IFY4IFY4IFY4IFY4IFY4IFY4IFZ

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2176 wrote to memory of 2296	2176	regsvr32.exe	28
PID 2176 wrote to memory of 2296	2176	regsvr32.exe	28
PID 2176 wrote to memory of 2296	2176	regsvr32.exe	28
PID 2176 wrote to memory of 2296	2176	regsvr32.exe	28
PID 2176 wrote to memory of 2296	2176	regsvr32.exe	28
PID 2176 wrote to memory of 2296	2176	regsvr32.exe	28
PID 2176 wrote to memory of 2296	2176	regsvr32.exe	28

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\cdf4ac26f24be4ab729e9db8712ebe6d.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2176
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\cdf4ac26f24be4ab729e9db8712ebe6d.dll
  2⤵
  PID:2296

memory/2296-0-0x0000000000210000-0x0000000000229000-memory.dmp

Filesize
100KB

Download