924bf9d65404884fa9860594e607d23d68cde275729c8e593f30b49f6534880f

Analysis

max time kernel
119s
max time network
127s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
23-05-2024 01:45

Target

924bf9d65404884fa9860594e607d23d68cde275729c8e593f30b49f6534880f.dll
Size

5.6MB
MD5

34b9d2fd3443d1be38877cfd6bbc3bcb
SHA1

5c574d51cf6b5956fc7800f44358b42891eae6c0
SHA256

924bf9d65404884fa9860594e607d23d68cde275729c8e593f30b49f6534880f
SHA512

01adb67584155ca1c55180bbb5113d0e56f529954af09e3ef265b840d0eee95e486d7f8abaec0029da8a88decccdfcccc6b9fb56433f942e61af33b1c7e30c19
SSDEEP

98304:Ns5sa/11iy79/pB0ilQiqnwWvtovwfVM1DR9:Ferv7qilYnDJuR9

Score

1^/10

Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

regsvr32.exe

pid process

2772 regsvr32.exe

pid	process
2772	regsvr32.exe

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

regsvr32.exe

description	pid	process	target process
PID 1772 wrote to memory of 2772	1772	regsvr32.exe	regsvr32.exe
PID 1772 wrote to memory of 2772	1772	regsvr32.exe	regsvr32.exe
PID 1772 wrote to memory of 2772	1772	regsvr32.exe	regsvr32.exe
PID 1772 wrote to memory of 2772	1772	regsvr32.exe	regsvr32.exe
PID 1772 wrote to memory of 2772	1772	regsvr32.exe	regsvr32.exe
PID 1772 wrote to memory of 2772	1772	regsvr32.exe	regsvr32.exe
PID 1772 wrote to memory of 2772	1772	regsvr32.exe	regsvr32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\924bf9d65404884fa9860594e607d23d68cde275729c8e593f30b49f6534880f.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:1772

C:\Windows\SysWOW64\regsvr32.exe
/s C:\Users\Admin\AppData\Local\Temp\924bf9d65404884fa9860594e607d23d68cde275729c8e593f30b49f6534880f.dll
2⤵
- Suspicious use of SetWindowsHookEx
PID:2772