99014fc644248963a1a475fb6198613e09a239fec64c4255843775056dfd1d2e

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
27/03/2024, 16:56

Target

e226c0fa4d6f0190fb5cd92939018ead.dll
Size

64KB
MD5

e226c0fa4d6f0190fb5cd92939018ead
SHA1

ea323b4b469bd7934aee1a5c0d36e8adabaf5ba1
SHA256

99014fc644248963a1a475fb6198613e09a239fec64c4255843775056dfd1d2e
SHA512

0aadb311eacca2409e48a2c853263191e927e1cd8e971c1f9f961be96cece1dd1e18cbaa344115842bf616cd1061878eae26acb9ecac29554ad58e1197b95831
SSDEEP

1536:TxGBLdaPjgkKEx9QCPlQWAxIUIsogzJ07fzEEu6ywTfuE3V8LBpcyq:l0LgP2WQWAFLo17fzlu3wj8/cyq

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2172 wrote to memory of 2180	2172	regsvr32.exe	28
PID 2172 wrote to memory of 2180	2172	regsvr32.exe	28
PID 2172 wrote to memory of 2180	2172	regsvr32.exe	28
PID 2172 wrote to memory of 2180	2172	regsvr32.exe	28
PID 2172 wrote to memory of 2180	2172	regsvr32.exe	28
PID 2172 wrote to memory of 2180	2172	regsvr32.exe	28
PID 2172 wrote to memory of 2180	2172	regsvr32.exe	28

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\e226c0fa4d6f0190fb5cd92939018ead.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2172
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\e226c0fa4d6f0190fb5cd92939018ead.dll
  2⤵
  PID:2180

memory/2180-0-0x0000000000220000-0x0000000000270000-memory.dmp

Filesize
320KB

Download