d09a9e5ccce56752e0576e3f43b7fe4d401c577399853ffa34b4cf765b10f15e | Triage

Resubmissions

06/04/2023, 23:03

230406-21qthafe84 10

13/03/2023, 11:50

230313-nzsd2scc6y 1

13/04/2022, 02:53

220413-ddal1adhf9 1

Analysis

max time kernel
25s
max time network
31s
platform
windows7_x64
resource
win7-20230220-es
resource tags

arch:x64arch:x86image:win7-20230220-eslocale:es-esos:windows7-x64systemwindows
submitted
13/03/2023, 11:50

Sharing

Report Analysis Logs

General

Target

dbghelp.dll
Size

242.9MB
MD5

31b00fe35cd795058e11e1bc2d8de272
SHA1

e25ebd7ea19dfc1948ac5e50e6166aa73bda5dca
SHA256

b253368444aba74db84589b6af2a5a0971a11c4129b220203870a4f5a82cd6fd
SHA512

ed213e2f0e8e40f2d828c9458fe6b50b4c44ecc0487bc924244b6957115e83737286ff7d082ab89ac11279f4075076b9f65d5d1841a07c0bcae337dd6310f443
SSDEEP

49152:BSjIuHVecUiBfG/aQimk8eGtsLwBnaUSLjV+Xa1TkT:B8HVecUitCk8ZtFqLjx

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 956 wrote to memory of 940	956	regsvr32.exe	28
PID 956 wrote to memory of 940	956	regsvr32.exe	28
PID 956 wrote to memory of 940	956	regsvr32.exe	28
PID 956 wrote to memory of 940	956	regsvr32.exe	28
PID 956 wrote to memory of 940	956	regsvr32.exe	28
PID 956 wrote to memory of 940	956	regsvr32.exe	28
PID 956 wrote to memory of 940	956	regsvr32.exe	28

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\dbghelp.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:956
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\dbghelp.dll
  2⤵
  PID:940

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/940-54-0x0000000001F10000-0x0000000002F10000-memory.dmp

Filesize
16.0MB

Download