6039fcf4b3d79f847f7b545ae0d7767a4d58e12721b049b04ade6550eef549b9 | Triage

Analysis

max time kernel
92s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
30-11-2022 10:01

Sharing

Report Analysis Logs

General

Target

09bc2a1aefbafd3e7577bc3c352c82ad.dll
Size

55KB
MD5

09bc2a1aefbafd3e7577bc3c352c82ad
SHA1

eb7b0b4ce98998aa78f453e14ee1bde3319c6834
SHA256

6039fcf4b3d79f847f7b545ae0d7767a4d58e12721b049b04ade6550eef549b9
SHA512

234f10dc86467bfea7e12fcc54bde556d972ec83852f9e43e6be05e2dc1ea213b26e4f20277a3cfdaefd9970958cef70191df9f2971bf6e186a9a4cabbcd2bde
SSDEEP

1536:ogWi5BVVWsfV/hAq/ctyaAkFc+evm4VtMQtCP:jWqBVVJfVJaytAJCtS

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

regsvr32.exe

description	pid	process	target process
PID 1264 wrote to memory of 3108	1264	regsvr32.exe	regsvr32.exe
PID 1264 wrote to memory of 3108	1264	regsvr32.exe	regsvr32.exe
PID 1264 wrote to memory of 3108	1264	regsvr32.exe	regsvr32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\09bc2a1aefbafd3e7577bc3c352c82ad.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:1264

C:\Windows\SysWOW64\regsvr32.exe
/s C:\Users\Admin\AppData\Local\Temp\09bc2a1aefbafd3e7577bc3c352c82ad.dll
2⤵
PID:3108

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3108-132-0x0000000000000000-mapping.dmp

Download