cca18ab4e917eb08e2f7b71bca0c0654e69b6a0bb2a04b45bbe39d223438ff51

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
04-06-2024 13:32

Target

cca18ab4e917eb08e2f7b71bca0c0654e69b6a0bb2a04b45bbe39d223438ff51.dll
Size

968KB
MD5

5c118ff6363287dc60e9f8aeb1da5bd9
SHA1

6174b80c03c4b7e06074ff49b59dfadcb392b872
SHA256

cca18ab4e917eb08e2f7b71bca0c0654e69b6a0bb2a04b45bbe39d223438ff51
SHA512

27d07cff3bd3b0544899707879c7eeda0f6fc13e016c13ce363dd28836d50b52265e5fc0ba17be96bc2dd39baedce84955480a048ffb9387afcdd947b4f0647f
SSDEEP

12288:k6Ow9oMj3omnDchj0tpTBfHnigkFAY7vOhrCKyB+:niMj3omDc5qpTBfHnqAMGTE

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2080 wrote to memory of 1136	2080	regsvr32.exe	28
PID 2080 wrote to memory of 1136	2080	regsvr32.exe	28
PID 2080 wrote to memory of 1136	2080	regsvr32.exe	28
PID 2080 wrote to memory of 1136	2080	regsvr32.exe	28
PID 2080 wrote to memory of 1136	2080	regsvr32.exe	28
PID 2080 wrote to memory of 1136	2080	regsvr32.exe	28
PID 2080 wrote to memory of 1136	2080	regsvr32.exe	28

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\cca18ab4e917eb08e2f7b71bca0c0654e69b6a0bb2a04b45bbe39d223438ff51.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2080
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\cca18ab4e917eb08e2f7b71bca0c0654e69b6a0bb2a04b45bbe39d223438ff51.dll
  2⤵
  PID:1136