695e7e6b183b7b57c8b7113cb2d771a44e33d8d8158b2c74bbd9e71ddb860699 | Triage

Analysis

max time kernel
119s
max time network
107s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
28-02-2023 01:51

Sharing

Report Analysis Logs

General

Target

Nmzquuiantsnzvtelvd.dll
Size

2.4MB
MD5

10f35d34423fc1e5da07799c25be8861
SHA1

dc160b11e3e5bd56a7f787f96f900c65c37b24f0
SHA256

695e7e6b183b7b57c8b7113cb2d771a44e33d8d8158b2c74bbd9e71ddb860699
SHA512

3190423d0871c2b5ca1c1d14c9b5290476d3c498ec574d0b7d15c41a889f3a7f872fd44129b31585ec21ccf9305f9905a6b94d3d95cca8428bec95eee37785ce
SSDEEP

49152:gmRA663TbtnUrttILB5QqzK7QjcfJg/pQjF:oTbtnIteTzjcfu/O5

Score

1^/10

Malware Config

Signatures

Suspicious behavior: CmdExeWriteProcessMemorySpam 2 IoCs

pid	Process
1728	regsvr32.exe
1784	regsvr32.exe

Suspicious use of WriteProcessMemory 10 IoCs

description	pid	Process	procid_target
PID 1016 wrote to memory of 1728	1016	cmd.exe	29
PID 1016 wrote to memory of 1728	1016	cmd.exe	29
PID 1016 wrote to memory of 1728	1016	cmd.exe	29
PID 1016 wrote to memory of 1728	1016	cmd.exe	29
PID 1016 wrote to memory of 1728	1016	cmd.exe	29
PID 1016 wrote to memory of 1784	1016	cmd.exe	30
PID 1016 wrote to memory of 1784	1016	cmd.exe	30
PID 1016 wrote to memory of 1784	1016	cmd.exe	30
PID 1016 wrote to memory of 1784	1016	cmd.exe	30
PID 1016 wrote to memory of 1784	1016	cmd.exe	30

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Nmzquuiantsnzvtelvd.dll,#1
1⤵
PID:960

C:\Windows\system32\cmd.exe
"C:\Windows\system32\cmd.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1016
- C:\Windows\system32\regsvr32.exe
  regsvr32 /ds Nmzquuiantsnzvtelvd.dll
  2⤵
  - Suspicious behavior: CmdExeWriteProcessMemorySpam
  PID:1728
- C:\Windows\system32\regsvr32.exe
  regsvr32 /s Nmzquuiantsnzvtelvd.dll
  2⤵
  - Suspicious behavior: CmdExeWriteProcessMemorySpam
  PID:1784

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1728-54-0x00000000004B0000-0x00000000004B1000-memory.dmp

Filesize
4KB

Download