4b5ed94986e1c9c113e913572b6920e9cc7f6c703cb9a39b76cb13ee88305a64

Analysis

max time kernel
120s
max time network
126s
platform
windows7_x64
resource
win7-20240611-en
resource tags

arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
submitted
25-06-2024 16:48

Target

4b5ed94986e1c9c113e913572b6920e9cc7f6c703cb9a39b76cb13ee88305a64.dll
Size

2.9MB
MD5

f38d0a650683e24c8368ddcda7495d14
SHA1

7ffb6e31398623a6ae6540fc3e3b660a2532825d
SHA256

4b5ed94986e1c9c113e913572b6920e9cc7f6c703cb9a39b76cb13ee88305a64
SHA512

c7b9d10edacd3042830bbe80bd1f736d09944f1f4001b137a67d640a51d54d7647ea31b10b95553a307c7cf9ecc507a97c698a6ff1722b5892f844f2578379dd
SSDEEP

49152:jN9AYdlcQTM5qGvZi5hYHtbUuZjThaRrrQSn:ndeQgcGx1HtbUTRr8

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2444 wrote to memory of 1272	2444	regsvr32.exe	28
PID 2444 wrote to memory of 1272	2444	regsvr32.exe	28
PID 2444 wrote to memory of 1272	2444	regsvr32.exe	28
PID 2444 wrote to memory of 1272	2444	regsvr32.exe	28
PID 2444 wrote to memory of 1272	2444	regsvr32.exe	28
PID 2444 wrote to memory of 1272	2444	regsvr32.exe	28
PID 2444 wrote to memory of 1272	2444	regsvr32.exe	28

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\4b5ed94986e1c9c113e913572b6920e9cc7f6c703cb9a39b76cb13ee88305a64.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2444
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\4b5ed94986e1c9c113e913572b6920e9cc7f6c703cb9a39b76cb13ee88305a64.dll
  2⤵
  PID:1272