936ef8203a489dd893be8806ff71aa9a87ff7b5b704da39f3f05b7748e4d7248

Analysis

max time kernel
12s
max time network
19s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
15/07/2024, 13:01

Target

df282d7ac86fd0852ff3fcef7cf85960N.dll
Size

424KB
MD5

df282d7ac86fd0852ff3fcef7cf85960
SHA1

19c214c7cf647e6dcbb0c0ae51a7dc6be91da63a
SHA256

936ef8203a489dd893be8806ff71aa9a87ff7b5b704da39f3f05b7748e4d7248
SHA512

62ba80d7b55c91a2e8b7a94bce241f2f6d613cf289e3998f3379558e8a67332cb6fd2c8daf80e9979c0b4704992a15780dadc406eb319c5b43a0454e4c999221
SSDEEP

6144:Tb8MPnJZSgpC7KgDZfIli03UVSydGt7y0gkbByFfA0H2ihpj6Yx:Tb8MPnJZu7KgDZAlidFd07ByRA0x5

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 3008 wrote to memory of 3052	3008	regsvr32.exe	29
PID 3008 wrote to memory of 3052	3008	regsvr32.exe	29
PID 3008 wrote to memory of 3052	3008	regsvr32.exe	29
PID 3008 wrote to memory of 3052	3008	regsvr32.exe	29
PID 3008 wrote to memory of 3052	3008	regsvr32.exe	29
PID 3008 wrote to memory of 3052	3008	regsvr32.exe	29
PID 3008 wrote to memory of 3052	3008	regsvr32.exe	29

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\df282d7ac86fd0852ff3fcef7cf85960N.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:3008
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\df282d7ac86fd0852ff3fcef7cf85960N.dll
  2⤵
  PID:3052