36a1ee77a2343ff34b463324ba190041df427eccc1b0173700835e253b42a90e

Analysis

max time kernel
149s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
26/12/2023, 16:32

Target

7cf102fa9a30388974681972ee5fa2cd.dll
Size

44KB
MD5

7cf102fa9a30388974681972ee5fa2cd
SHA1

fb58fcedecbcfc6ab61cc137c148c4b4480a5b65
SHA256

36a1ee77a2343ff34b463324ba190041df427eccc1b0173700835e253b42a90e
SHA512

307ca47444c96de74c767070ee9a656b32ff1d77d3d05065a8b1850dba80aa03a283d49243bce68e25040772491f4b42ca6cb1fbb26150cb3402c380928227d4
SSDEEP

384:Ctednsbm11zJ6JoGtqaEGOa09q6saaMq8DDtkav5ehxrCJiCmnQlPJpJgLa0MpLd:T4O6doaqPJakDpkavAxDBQlxgLa1

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4940 wrote to memory of 1084	4940	regsvr32.exe	87
PID 4940 wrote to memory of 1084	4940	regsvr32.exe	87
PID 4940 wrote to memory of 1084	4940	regsvr32.exe	87

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\7cf102fa9a30388974681972ee5fa2cd.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:4940
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\7cf102fa9a30388974681972ee5fa2cd.dll
  2⤵
  PID:1084