6c0ffc0cb2a09a720ce834a153c12ae218abb2e2ae0d4518ec8fbb34a7c052f8

Analysis

max time kernel
117s
max time network
120s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
24/01/2024, 19:16 UTC

Target

72d563fe5133fc167b6b0516c66f6ecb.dll
Size

45KB
MD5

72d563fe5133fc167b6b0516c66f6ecb
SHA1

b5d2a602b346cabbcedfe672859b06ea24a61065
SHA256

6c0ffc0cb2a09a720ce834a153c12ae218abb2e2ae0d4518ec8fbb34a7c052f8
SHA512

88901e0578362402395d80a712c511b1a8d58188467301e59ffbcae730cb6abb53f2721d654f84231fb03332f915bbf2868eca1c8a0190e37ecde9e3e43ee8c2
SSDEEP

768:UdezPrfvVNIywt3d91fy7L3JFArOQatBW7Bctrvlq3nS8ZWZl5zC:Ie7rVjG3oL0rO5uBct7lq3nS8Zou

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1708 wrote to memory of 1344	1708	regsvr32.exe	28
PID 1708 wrote to memory of 1344	1708	regsvr32.exe	28
PID 1708 wrote to memory of 1344	1708	regsvr32.exe	28
PID 1708 wrote to memory of 1344	1708	regsvr32.exe	28
PID 1708 wrote to memory of 1344	1708	regsvr32.exe	28
PID 1708 wrote to memory of 1344	1708	regsvr32.exe	28
PID 1708 wrote to memory of 1344	1708	regsvr32.exe	28

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\72d563fe5133fc167b6b0516c66f6ecb.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:1708
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\72d563fe5133fc167b6b0516c66f6ecb.dll
  2⤵
  PID:1344