e06e7863d70d633589135d5f8801a19b09280d6bfb34cb3dec65d74ebebf6633

Analysis

max time kernel
119s
max time network
121s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
14-07-2024 23:31

Target

$_2_/TenioDL/TNProxy.dll
Size

381KB
MD5

d5922567a24fc0dd563640c7c58f207b
SHA1

b8927d8a8b495a1e3900bc798fe13828e7119e43
SHA256

4050849dee043613c252d5f684092b54dac355943b95e16789bc982c3ab60683
SHA512

4fe661cc655e3f69e3010f9e081522cbd2e9b0604d72dbdf83ac4edfefaf1ff1aa3e4e431e214950620fa7b752a1f41be433319ff20551bbb1f1828ed023ad42
SSDEEP

6144:tzJn4huTMjHzBYFHiAr2io6E9XocLlDL3VjZYdnEnWOQrunDqUNu:YuTuArXoh9jLln3VWdnEnWOQrunWou

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2984 wrote to memory of 3024	2984	regsvr32.exe	30
PID 2984 wrote to memory of 3024	2984	regsvr32.exe	30
PID 2984 wrote to memory of 3024	2984	regsvr32.exe	30
PID 2984 wrote to memory of 3024	2984	regsvr32.exe	30
PID 2984 wrote to memory of 3024	2984	regsvr32.exe	30
PID 2984 wrote to memory of 3024	2984	regsvr32.exe	30
PID 2984 wrote to memory of 3024	2984	regsvr32.exe	30

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\$_2_\TenioDL\TNProxy.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2984
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\$_2_\TenioDL\TNProxy.dll
  2⤵
  PID:3024