aa7629b74518b2a006c6451739a68208c56f59f7ed5cc4df837552d104b0d66a | Triage

Analysis

max time kernel
30s
max time network
33s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
28-02-2023 01:51

Sharing

Report Analysis Logs

General

Target

Adsqvxkav.dll
Size

2.5MB
MD5

9b15b9a82a8c63fbfd87871388edb5cc
SHA1

fe35a82f3625176462db8127b7a59791e589a339
SHA256

aa7629b74518b2a006c6451739a68208c56f59f7ed5cc4df837552d104b0d66a
SHA512

059a405684513685a01bc5cd246c9cf8b8ef942ba3d9d031e984496dc0fd0b7be9d23f8c1d2e1c364c066460a46b317cea4e83c02b5ee3515194ecfc40f81255
SSDEEP

49152:TRxnzFbWRh283kFOFB7Jzk25t19jyByQ/I3WpDQnehti:T/zFbWRh283kFOFB7Jzk2j3jHWFLc

Score

1^/10

Malware Config

Signatures

Suspicious behavior: CmdExeWriteProcessMemorySpam 2 IoCs

pid	Process
268	regsvr32.exe
1772	regsvr32.exe

Suspicious use of WriteProcessMemory 10 IoCs

description	pid	Process	procid_target
PID 1524 wrote to memory of 268	1524	cmd.exe	30
PID 1524 wrote to memory of 268	1524	cmd.exe	30
PID 1524 wrote to memory of 268	1524	cmd.exe	30
PID 1524 wrote to memory of 268	1524	cmd.exe	30
PID 1524 wrote to memory of 268	1524	cmd.exe	30
PID 1524 wrote to memory of 1772	1524	cmd.exe	31
PID 1524 wrote to memory of 1772	1524	cmd.exe	31
PID 1524 wrote to memory of 1772	1524	cmd.exe	31
PID 1524 wrote to memory of 1772	1524	cmd.exe	31
PID 1524 wrote to memory of 1772	1524	cmd.exe	31

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Adsqvxkav.dll,#1
1⤵
PID:1272

C:\Windows\system32\cmd.exe
"C:\Windows\system32\cmd.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1524
- C:\Windows\system32\regsvr32.exe
  regsvr32 Admin.bmp
  2⤵
  - Suspicious behavior: CmdExeWriteProcessMemorySpam
  PID:268
- C:\Windows\system32\regsvr32.exe
  regsvr32 /s Admin.bmp
  2⤵
  - Suspicious behavior: CmdExeWriteProcessMemorySpam
  PID:1772

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/268-54-0x00000000001F0000-0x00000000001F1000-memory.dmp

Filesize
4KB

Download