7cf2038cadd89e1dc7bcb0aa24e93d3bd1d88560dfd5bc692d38654bf75cf8fc

Analysis

max time kernel
91s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
01/12/2022, 22:29

Target

7cf2038cadd89e1dc7bcb0aa24e93d3bd1d88560dfd5bc692d38654bf75cf8fc.dll
Size

128KB
MD5

ca8fd75c135643c4f652cff3f0e129fd
SHA1

0e8c28c2c143017d586f81e2a57f4e56486b0296
SHA256

7cf2038cadd89e1dc7bcb0aa24e93d3bd1d88560dfd5bc692d38654bf75cf8fc
SHA512

b6330653121379dc58433ba0ada2fcd9a9280384615bb74f9f268ade1765b4e53fde764e389fc3967bc56cc17fba0d00046df76665feb28ff78b7aaa0cfddf3d
SSDEEP

1536:YkUgJ+DUTC2tOmXbJVaK3R0XMJ33iU5hVXl7NeLZ61due6moMNNlltdgHXTzHrzl:JxTOubqoNNfoH

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1180 wrote to memory of 4932	1180	regsvr32.exe	81
PID 1180 wrote to memory of 4932	1180	regsvr32.exe	81
PID 1180 wrote to memory of 4932	1180	regsvr32.exe	81

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\7cf2038cadd89e1dc7bcb0aa24e93d3bd1d88560dfd5bc692d38654bf75cf8fc.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:1180
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\7cf2038cadd89e1dc7bcb0aa24e93d3bd1d88560dfd5bc692d38654bf75cf8fc.dll
  2⤵
  PID:4932