af746a629fe9dd1861b59c82e52112240528ad9f251ff29e041d1e3dbdf88d30

Analysis

max time kernel
120s
max time network
122s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
24/04/2024, 19:53

Target

af746a629fe9dd1861b59c82e52112240528ad9f251ff29e041d1e3dbdf88d30.dll
Size

497KB
MD5

ab1cf0dcb6ec319dcceb64cd9003b464
SHA1

3a82753f561e14ebeffa5c3e5357bc5fbb42b509
SHA256

af746a629fe9dd1861b59c82e52112240528ad9f251ff29e041d1e3dbdf88d30
SHA512

033fd6801cbab71e87ecd098f6ffab904c158294c53b77cb0bc96ff6d9d3334a73dc1f1bfe7ecaf2d36d74e11aa1290ff4d142566a8896cf0311cfe61061e48f
SSDEEP

12288:qJirAgj652wh4AAV0notsfrsDpTDBVlQddsEQbnffFJq0uhdB7:qJirAgLwh3boKfrsDpTDjlQH14nffFw5

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2212 wrote to memory of 2804	2212	regsvr32.exe	28
PID 2212 wrote to memory of 2804	2212	regsvr32.exe	28
PID 2212 wrote to memory of 2804	2212	regsvr32.exe	28
PID 2212 wrote to memory of 2804	2212	regsvr32.exe	28
PID 2212 wrote to memory of 2804	2212	regsvr32.exe	28
PID 2212 wrote to memory of 2804	2212	regsvr32.exe	28
PID 2212 wrote to memory of 2804	2212	regsvr32.exe	28

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\af746a629fe9dd1861b59c82e52112240528ad9f251ff29e041d1e3dbdf88d30.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2212
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\af746a629fe9dd1861b59c82e52112240528ad9f251ff29e041d1e3dbdf88d30.dll
  2⤵
  PID:2804
- - C:\Users\Admin\AppData\Local\Temp\1E2B.tmp
    C:\Users\Admin\AppData\Local\Temp\1E2B.tmp
    3⤵
    PID:2988

memory/2804-0-0x00000000001F0000-0x000000000022D000-memory.dmp

Filesize
244KB

Download