4a1ae7cf9606365db8ea043516a7ea76f673e55f3165f9e3573e31bc3b4710dd

Analysis

max time kernel
359s
max time network
360s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
19-04-2024 13:12

Target

7Q7ATX/msvbvm50.dll
Size

3.7MB
MD5

fe3a753e5f327ed57942e81aefab4afb
SHA1

941d432fdce3d35d10ee2ae964a4dac5ae3e52c9
SHA256

9eea3c289a636a07ecd3dac31d5b853f4303ff5b0e27b867c718f29e1d1f1909
SHA512

fc3cfb59e0dded40be745d5ee33df904eff1950edb213bd68d421f60116f96a3506a10c07ea121f2e540f49b334e0f7bd7261fab367d006803a439a522ae5482
SSDEEP

49152:mQm9xbMYJKQZ+7UZF96Ofgu6yEHz7c3z2rESxvVaSZedtWALlQQR0m0:zmTMuCU4Q1ETGzVwvV9Zed5OQOj

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

regsvr32.exe

description	pid	Process	procid_target
PID 2156 wrote to memory of 2816	2156	regsvr32.exe	28
PID 2156 wrote to memory of 2816	2156	regsvr32.exe	28
PID 2156 wrote to memory of 2816	2156	regsvr32.exe	28
PID 2156 wrote to memory of 2816	2156	regsvr32.exe	28
PID 2156 wrote to memory of 2816	2156	regsvr32.exe	28
PID 2156 wrote to memory of 2816	2156	regsvr32.exe	28
PID 2156 wrote to memory of 2816	2156	regsvr32.exe	28

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\7Q7ATX\msvbvm50.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2156
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\7Q7ATX\msvbvm50.dll
  2⤵
  PID:2816