754e8dbc36cc233f9fb046a162367da005732e6d477d6fa7e9bc4254d2583164

Analysis

max time kernel
122s
max time network
126s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
11/03/2024, 13:54

Target

c0c11d9860b5cc431ce7646fa9c81ea3.dll
Size

66KB
MD5

c0c11d9860b5cc431ce7646fa9c81ea3
SHA1

487783e6431c7b10a3075145e213521ddcc12232
SHA256

754e8dbc36cc233f9fb046a162367da005732e6d477d6fa7e9bc4254d2583164
SHA512

a633af2a97221a07943088e52dc622468ebdcc7bfee64c0f89ac28a2f09fe1858c3479c7e56bc2dc880c7e659920fdc1e5f29adb6c4e3b27720ccf2281b9f929
SSDEEP

1536:7MesVWaJk/hKXwFXw3mxeHi/rqIdJKkFc4w8ZPe87W0eRhso:7MbVG/hKX0UfC/rtPFc4TxLWDio

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1736 wrote to memory of 2720	1736	regsvr32.exe	28
PID 1736 wrote to memory of 2720	1736	regsvr32.exe	28
PID 1736 wrote to memory of 2720	1736	regsvr32.exe	28
PID 1736 wrote to memory of 2720	1736	regsvr32.exe	28
PID 1736 wrote to memory of 2720	1736	regsvr32.exe	28
PID 1736 wrote to memory of 2720	1736	regsvr32.exe	28
PID 1736 wrote to memory of 2720	1736	regsvr32.exe	28

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\c0c11d9860b5cc431ce7646fa9c81ea3.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:1736
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\c0c11d9860b5cc431ce7646fa9c81ea3.dll
  2⤵
  PID:2720

memory/2720-0-0x0000000000400000-0x0000000000447000-memory.dmp

Filesize
284KB

Download
memory/2720-1-0x0000000000400000-0x0000000000447000-memory.dmp

Filesize
284KB

Download