43dd231c26320715d292546cdbdeadb9143c708b6622dfeb64c5c8de1c7e45c9

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
08/07/2024, 23:29

Target

124cd3425d54447efb739409b581be50N.dll
Size

240KB
MD5

124cd3425d54447efb739409b581be50
SHA1

e765a77d3ef3080e0f84d2b7f787ea947d206751
SHA256

43dd231c26320715d292546cdbdeadb9143c708b6622dfeb64c5c8de1c7e45c9
SHA512

50302c9122fb8c6985adc74aa5b9bc50b2fe9b52da767a229cf28d20b7f16790c0758ecad6dfe6e5e3c68dd90518f060daedba6c2d9768290aecaaad3d99b8cf
SSDEEP

3072:NvZszn/kv6hFYEQQUfj/lOEoVEbiAXFA/0BOPJ/eYQzyll2uvP:NvZi/wuUCVUiAXlBOPJ/kzCl2uvP

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2196 wrote to memory of 2236	2196	regsvr32.exe	30
PID 2196 wrote to memory of 2236	2196	regsvr32.exe	30
PID 2196 wrote to memory of 2236	2196	regsvr32.exe	30
PID 2196 wrote to memory of 2236	2196	regsvr32.exe	30
PID 2196 wrote to memory of 2236	2196	regsvr32.exe	30
PID 2196 wrote to memory of 2236	2196	regsvr32.exe	30
PID 2196 wrote to memory of 2236	2196	regsvr32.exe	30

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\124cd3425d54447efb739409b581be50N.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2196
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\124cd3425d54447efb739409b581be50N.dll
  2⤵
  PID:2236