aa7629b74518b2a006c6451739a68208c56f59f7ed5cc4df837552d104b0d66a | Triage

Analysis

max time kernel
75s
max time network
146s
platform
windows10-1703_x64
resource
win10-20230220-en
resource tags

arch:x64arch:x86image:win10-20230220-enlocale:en-usos:windows10-1703-x64system
submitted
28-02-2023 01:51

Sharing

Report Analysis Logs

General

Target

Adsqvxkav.dll
Size

2.5MB
MD5

9b15b9a82a8c63fbfd87871388edb5cc
SHA1

fe35a82f3625176462db8127b7a59791e589a339
SHA256

aa7629b74518b2a006c6451739a68208c56f59f7ed5cc4df837552d104b0d66a
SHA512

059a405684513685a01bc5cd246c9cf8b8ef942ba3d9d031e984496dc0fd0b7be9d23f8c1d2e1c364c066460a46b317cea4e83c02b5ee3515194ecfc40f81255
SSDEEP

49152:TRxnzFbWRh283kFOFB7Jzk25t19jyByQ/I3WpDQnehti:T/zFbWRh283kFOFB7Jzk2j3jHWFLc

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 3868 wrote to memory of 1960	3868	cmd.exe	70
PID 3868 wrote to memory of 1960	3868	cmd.exe	70
PID 3868 wrote to memory of 2768	3868	cmd.exe	71
PID 3868 wrote to memory of 2768	3868	cmd.exe	71
PID 3868 wrote to memory of 3144	3868	cmd.exe	72
PID 3868 wrote to memory of 3144	3868	cmd.exe	72

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Adsqvxkav.dll,#1
1⤵
PID:4356

C:\Windows\system32\cmd.exe
"C:\Windows\system32\cmd.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3868
- C:\Windows\system32\regsvr32.exe
  regsvr32 AdobeSFX.log
  2⤵
  PID:1960
- C:\Windows\system32\regsvr32.exe
  regsvr32 Adsqvxkav.dll
  2⤵
  PID:2768
- C:\Windows\system32\regsvr32.exe
  regsvr32 /s Adsqvxkav.dll
  2⤵
  PID:3144

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads