7cc591fbe4e4bec6cf5836ea36fbd7e2a61578a2e91e1504b4f3645d11c59c6a

Analysis

max time kernel
139s
max time network
163s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
06/12/2022, 09:28

Target

7cc591fbe4e4bec6cf5836ea36fbd7e2a61578a2e91e1504b4f3645d11c59c6a.dll
Size

265KB
MD5

9402d05cd02d86b7a3d14ddaf253e010
SHA1

b4a3cf550c862047be06788784acc9eaec827721
SHA256

7cc591fbe4e4bec6cf5836ea36fbd7e2a61578a2e91e1504b4f3645d11c59c6a
SHA512

fd45ad5f6460721e18cd911bf1bff181a8c53c6ae6afc6336692799a9fcf6dc624485b77cdfa8496146696472844336b337acf5d524c63c6479772a3878fa3a6
SSDEEP

6144:PG/gY4ozBsyTDp6rd14JSLU4JSLU4JSLx:PCdLt6rd14JSLU4JSLU4JSLx

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 952 wrote to memory of 3404	952	regsvr32.exe	80
PID 952 wrote to memory of 3404	952	regsvr32.exe	80
PID 952 wrote to memory of 3404	952	regsvr32.exe	80

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\7cc591fbe4e4bec6cf5836ea36fbd7e2a61578a2e91e1504b4f3645d11c59c6a.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:952
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\7cc591fbe4e4bec6cf5836ea36fbd7e2a61578a2e91e1504b4f3645d11c59c6a.dll
  2⤵
  PID:3404