8668bdae3d44e17df81a72a97ff393f23786a52fda0210f9b5ecca35844c6539

Analysis

max time kernel
118s
max time network
123s
platform
windows7_x64
resource
win7-20240319-en
resource tags

arch:x64arch:x86image:win7-20240319-enlocale:en-usos:windows7-x64system
submitted
27/03/2024, 06:05

Target

e0f17c45b488ff6d18ec3d45d322b35c.dll
Size

217KB
MD5

e0f17c45b488ff6d18ec3d45d322b35c
SHA1

be872cc79c5385b71406a24df84269dd55f67257
SHA256

8668bdae3d44e17df81a72a97ff393f23786a52fda0210f9b5ecca35844c6539
SHA512

a01e9f40dfb28c101db2d054a7dffdc832b128e76271e34bdc58736c4c026b763e6ec0bcfae2541f3af726dcff9aa3235fe4afd1137bb0250ae93123abb295f2
SSDEEP

1536:9kfwMi5GkfwMi5GkfwMi5GkfwMi5GkfwMi5GkfwMi5GkfwMi5:TMi52Mi52Mi52Mi52Mi52Mi52Mi5

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1684 wrote to memory of 1940	1684	regsvr32.exe	28
PID 1684 wrote to memory of 1940	1684	regsvr32.exe	28
PID 1684 wrote to memory of 1940	1684	regsvr32.exe	28
PID 1684 wrote to memory of 1940	1684	regsvr32.exe	28
PID 1684 wrote to memory of 1940	1684	regsvr32.exe	28
PID 1684 wrote to memory of 1940	1684	regsvr32.exe	28
PID 1684 wrote to memory of 1940	1684	regsvr32.exe	28

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\e0f17c45b488ff6d18ec3d45d322b35c.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:1684
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\e0f17c45b488ff6d18ec3d45d322b35c.dll
  2⤵
  PID:1940

memory/1940-0-0x00000000001B0000-0x00000000001BD000-memory.dmp

Filesize
52KB

Download