3f8ec3ac729285705bbeff69bad1edada368ef5241d91d3eee878e4b0856bf52

Analysis

max time kernel
118s
max time network
121s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
27/06/2024, 21:21

Target

泽华音乐/RMListView.dll
Size

316KB
MD5

842b3d7091aab7ae1c28e3a85bb3fa8e
SHA1

c4fa2a9f28daeabd8a9e7db9c7873da0e6a7e4e8
SHA256

babd698ae6f99c31b75e0c9c9fd6a2fd6b6f04cfd85602a4563fff682fd5ba8d
SHA512

6e7c3a36218fe1138b96d6571770349134c1682e159ae56f757bc9b800c61c73d484c8f5bc9a322c6f27a3ff3e41161df114fd123a2fe168ff277542c23c8550
SSDEEP

3072:1Ex0/pTvoBJwGrCwEtkUhk1BKr1YkaeOFDVNAC+Z4N2Mprn8/5aPKmBjEqfuWZdd:+MDOJEwEkPkae6QCgY7CIPE4Zdnd

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1972 wrote to memory of 1800	1972	regsvr32.exe	28
PID 1972 wrote to memory of 1800	1972	regsvr32.exe	28
PID 1972 wrote to memory of 1800	1972	regsvr32.exe	28
PID 1972 wrote to memory of 1800	1972	regsvr32.exe	28
PID 1972 wrote to memory of 1800	1972	regsvr32.exe	28
PID 1972 wrote to memory of 1800	1972	regsvr32.exe	28
PID 1972 wrote to memory of 1800	1972	regsvr32.exe	28

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\泽华音乐\RMListView.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:1972
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\泽华音乐\RMListView.dll
  2⤵
  PID:1800