26a9afe5efaa6781389010c8272f637cbd6d798d2f291b471b243a04ef565990 | Triage

Analysis

max time kernel
150s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
06-01-2023 19:25

Sharing

Report Analysis Logs

General

Target

ISWrap.dll
Size

194KB
MD5

c98682f9fab7d6132c1106cfcb4ae6fd
SHA1

3fc4eb5697fe5dd01f55d21953d0bcf43b82fbc9
SHA256

26a9afe5efaa6781389010c8272f637cbd6d798d2f291b471b243a04ef565990
SHA512

37ab6cb1e9bf433a07e7a5fe4f27e5ae48c45956df37cf4bd90dbef5b759f1b82279452a5ccd5064add6bf60cdf4351642dd9d75cfe581c49a1646a9cc0ff3ad
SSDEEP

3072:IO9WInOn+KKKZodBYjAqRHfQoNnJm2hlJfMCzb6zT7a2qeMZzMNdFy5Y8SCQYkNh:IO9WInmbCsgNdFy5Y8dQFBh

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3836 wrote to memory of 916	3836	regsvr32.exe	79
PID 3836 wrote to memory of 916	3836	regsvr32.exe	79
PID 3836 wrote to memory of 916	3836	regsvr32.exe	79

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\ISWrap.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:3836
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\ISWrap.dll
  2⤵
  PID:916

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/916-132-0x0000000000000000-mapping.dmp

Download