cfdd8e1bdc1e7ca074bac213c6cc9bdf5b9420395aa74d8683c2555705a00b35

Analysis

max time kernel
122s
max time network
126s
platform
windows7_x64
resource
win7-20231020-en
resource tags

arch:x64arch:x86image:win7-20231020-enlocale:en-usos:windows7-x64system
submitted
20/11/2023, 17:12

Target

cfdd8e1bdc1e7ca074bac213c6cc9bdf5b9420395aa74d8683c2555705a00b35.dll
Size

1.5MB
MD5

2100fa815ec9ee4153d04befb50cc144
SHA1

1956cacb90047b96bb26a47eacb6448597972dc5
SHA256

cfdd8e1bdc1e7ca074bac213c6cc9bdf5b9420395aa74d8683c2555705a00b35
SHA512

a8401d04079d69466191e06c1e0e8cabc3bfd5cb16de2619141a186c47332beae95a05db96f9d92e1f143d41076e8baa4a74badce7bd22b1d71d6e9c584d5d1d
SSDEEP

12288:FYZ4ML5UnlCHIUjuELPtt3WIKmu5ULbXAWn8CNY2tTSki8:F0OnUjuEE9UAQ8cY2VA8

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2876 wrote to memory of 2940	2876	regsvr32.exe	28
PID 2876 wrote to memory of 2940	2876	regsvr32.exe	28
PID 2876 wrote to memory of 2940	2876	regsvr32.exe	28
PID 2876 wrote to memory of 2940	2876	regsvr32.exe	28
PID 2876 wrote to memory of 2940	2876	regsvr32.exe	28
PID 2876 wrote to memory of 2940	2876	regsvr32.exe	28
PID 2876 wrote to memory of 2940	2876	regsvr32.exe	28

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\cfdd8e1bdc1e7ca074bac213c6cc9bdf5b9420395aa74d8683c2555705a00b35.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2876
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\cfdd8e1bdc1e7ca074bac213c6cc9bdf5b9420395aa74d8683c2555705a00b35.dll
  2⤵
  PID:2940