f24143d89e3bb44e2334eecf8ba12a42e0b98a0caab440fb97b9eaa8af33f263 | Triage

Analysis

max time kernel
177s
max time network
194s
platform
windows10-2004_x64
resource
win10v2004-20220414-en
submitted
27-04-2022 16:02

Sharing

Report Analysis Logs

General

Target

f24143d89e3bb44e2334eecf8ba12a42e0b98a0caab440fb97b9eaa8af33f263.dll
Size

30KB
MD5

f623f6157ef24b719373dfabc7a1cd8c
SHA1

ef28298714cabbdd5203de62c5f9696ac6223cdc
SHA256

f24143d89e3bb44e2334eecf8ba12a42e0b98a0caab440fb97b9eaa8af33f263
SHA512

c2c0e418f4eae6c62e3463aabd1054b9c2c955fa728d510253a74b8fed781cab8333fff3beb59fec773d12c07cac8446cb1292f255a5c7a29dbe9fb78b773ce6

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

regsvr32.exe

description	pid	process	target process
PID 4636 wrote to memory of 2304	4636	regsvr32.exe	regsvr32.exe
PID 4636 wrote to memory of 2304	4636	regsvr32.exe	regsvr32.exe
PID 4636 wrote to memory of 2304	4636	regsvr32.exe	regsvr32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\f24143d89e3bb44e2334eecf8ba12a42e0b98a0caab440fb97b9eaa8af33f263.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:4636

C:\Windows\SysWOW64\regsvr32.exe
/s C:\Users\Admin\AppData\Local\Temp\f24143d89e3bb44e2334eecf8ba12a42e0b98a0caab440fb97b9eaa8af33f263.dll
2⤵
PID:2304

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2304-130-0x0000000000000000-mapping.dmp

Download