36e6b2752e0ee89e1a0e295ed3f7843f6307e83251233a5a3c41a7e317c3cd9c

Analysis

max time kernel
121s
max time network
124s
platform
windows7_x64
resource
win7-20230712-en
resource tags

arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
submitted
28/08/2023, 03:36

Target

36e6b2752e0ee89e1a0e295ed3f7843f6307e83251233a5a3c41a7e317c3cd9c.dll
Size

1.2MB
MD5

511ef4ba1ba98a4c6c24e41a53488ace
SHA1

708127bda0e79cff8d3b3832bdeb1db1ee3d0f35
SHA256

36e6b2752e0ee89e1a0e295ed3f7843f6307e83251233a5a3c41a7e317c3cd9c
SHA512

c1e66c8f2c740ceaeb59ab48989989a534a599515818ca114bcc587f0237b1fb97932998f11c141d3f2e48d4c5aa314225c8543b3c049c78e79c2e3082aafed7
SSDEEP

6144:MNAtPhnM3HBnN+qbFHVLVsNQ6TAULBKkolP7qEZS4q9wOCslO:MNAtpMJXHVLI0koFRACslO

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2784 wrote to memory of 3008	2784	regsvr32.exe	28
PID 2784 wrote to memory of 3008	2784	regsvr32.exe	28
PID 2784 wrote to memory of 3008	2784	regsvr32.exe	28
PID 2784 wrote to memory of 3008	2784	regsvr32.exe	28
PID 2784 wrote to memory of 3008	2784	regsvr32.exe	28
PID 2784 wrote to memory of 3008	2784	regsvr32.exe	28
PID 2784 wrote to memory of 3008	2784	regsvr32.exe	28

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\36e6b2752e0ee89e1a0e295ed3f7843f6307e83251233a5a3c41a7e317c3cd9c.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2784
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\36e6b2752e0ee89e1a0e295ed3f7843f6307e83251233a5a3c41a7e317c3cd9c.dll
  2⤵
  PID:3008