0d47359062dd32a7cca3ea6e9716491e149698827d5e65a80579dd88ed0ffba4 | Triage

Analysis

max time kernel
148s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
06/01/2023, 19:36

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

wintrust.dll
Size

172KB
MD5

b25d14dcbbb6623c1a63cd07a97df32b
SHA1

7bda19c92848a811077f780f569c0593d14b2a92
SHA256

0d47359062dd32a7cca3ea6e9716491e149698827d5e65a80579dd88ed0ffba4
SHA512

6cb19df2cf659fcbec931ced57acfa8cd816a336ab376eedca7dbeca0641e0dfb3bd3a703c77091002f8036e8e8c4acc4b7da3ea8ebce2baf05f2ba5ad017e5c
SSDEEP

3072:Od2CHwnMutz7qayNOEjim0HrP5koMEuhG+DkS1MaYO5sam7o1EXXFT421kxpb7K7:Od28wztvC0LRi1ju7ex

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2100 wrote to memory of 4560	2100	regsvr32.exe	80
PID 2100 wrote to memory of 4560	2100	regsvr32.exe	80
PID 2100 wrote to memory of 4560	2100	regsvr32.exe	80

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\wintrust.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2100
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\wintrust.dll
  2⤵
  PID:4560

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4560-133-0x0000000000550000-0x000000000057E000-memory.dmp

Filesize
184KB

Download
memory/4560-134-0x0000000000551000-0x000000000057A000-memory.dmp

Filesize
164KB

Download