4736895da25b290480321927bb0b10f980a8c6be00573ce2843273adf3ec6bf8

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
26/05/2024, 09:08

Target

0b980e7a5dd5df0d6f07aabd6e7e9fc2e3c9e156ef8c0a62a0e20cd23c333373.dll
Size

94KB
MD5

cfd26f1694178a0f6df3a92fa9b24644
SHA1

fc9e5233f24b0eca8ba2d09014f5c51583a1c7b0
SHA256

0b980e7a5dd5df0d6f07aabd6e7e9fc2e3c9e156ef8c0a62a0e20cd23c333373
SHA512

5fcb1d16f8a2baae437a3b3ee9cf168426c423b648ff01ac28caac11899413bc11a190c0350081395b5ffad80179e40cd458531d818af1d2819a6852b6d9db98
SSDEEP

1536:DOr0WcXmvhoadGd5oKhQBBldsQXN+NzaN/POXFkb5L+YD/BoRb:q2mOadMuqyr8zasXcLFD/BoR

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2976 wrote to memory of 2536	2976	regsvr32.exe	28
PID 2976 wrote to memory of 2536	2976	regsvr32.exe	28
PID 2976 wrote to memory of 2536	2976	regsvr32.exe	28
PID 2976 wrote to memory of 2536	2976	regsvr32.exe	28
PID 2976 wrote to memory of 2536	2976	regsvr32.exe	28
PID 2976 wrote to memory of 2536	2976	regsvr32.exe	28
PID 2976 wrote to memory of 2536	2976	regsvr32.exe	28

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\0b980e7a5dd5df0d6f07aabd6e7e9fc2e3c9e156ef8c0a62a0e20cd23c333373.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2976
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\0b980e7a5dd5df0d6f07aabd6e7e9fc2e3c9e156ef8c0a62a0e20cd23c333373.dll
  2⤵
  PID:2536