Analysis
-
max time kernel
143s -
max time network
153s -
platform
windows10-2004_x64 -
resource
win10v2004-20220812-en -
resource tags
-
submitted
27-11-2022 23:32
General
-
Target
76382b8e67abdc2cece5d7b166d38011d911b60fc3ebcca895e84bc0bdbcd641.dll
-
Size
92KB
-
MD5
ed9f10a34be2bd1b9dcd2ef7d192abd1
-
SHA1
db578e01a142083439b179adf5f60a4ed8ea2984
-
SHA256
76382b8e67abdc2cece5d7b166d38011d911b60fc3ebcca895e84bc0bdbcd641
-
SHA512
71d25219e5c80ed6640a4449a1c2e9f43229017779198443b12cdb4f12af6920a15c21c7a6b4d203fca511c5debe831df841d0e6a1f1a21a7a38603aa2140e85
-
SSDEEP
1536:kG0veeOFJDn/Vsx10GiGVRHgGnzGycsrxiHLzExAE/LAAoAQR5T+0E2fvYr:kGQNOPLtsf0GHRHgVnLHU1/LAJP+n2fI
Score
8/10
Malware Config
Signatures
-
UPX packed file 1 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Installs/modifies Browser Helper Object 2 TTPs 2 IoCs
BHOs are DLL modules which act as plugins for Internet Explorer.
-
Modifies registry class 5 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Windows\system32\regsvr32.exeregsvr32 /s C:\Users\Admin\AppData\Local\Temp\76382b8e67abdc2cece5d7b166d38011d911b60fc3ebcca895e84bc0bdbcd641.dll1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\regsvr32.exe/s C:\Users\Admin\AppData\Local\Temp\76382b8e67abdc2cece5d7b166d38011d911b60fc3ebcca895e84bc0bdbcd641.dll2⤵
- Installs/modifies Browser Helper Object
- Modifies registry class
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/1336-132-0x0000000000000000-mapping.dmp
-
memory/1336-133-0x00000000755A0000-0x00000000755E0000-memory.dmpFilesize
256KB