e24579a71df587a0eb35b584ce823fe05ba9dc07b1239834e0d8fc065513e645 | Triage

Analysis

max time kernel
3s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
14-03-2023 13:16

Sharing

Report Analysis Logs

General

Target

custsat.dll
Size

33KB
MD5

1ff80ebe5082a13d02253b415aa26f60
SHA1

7da7551ec7f3f1e606edf9313595e4ebe45ac8d1
SHA256

e0088b6361c7ea8e611ba32542beff7ac12955991c82a5fe9ef5d9a97d6ca14f
SHA512

8c33e9427227835229d27f59206e55cd98c372e6a20981c6b0518a5f9b81c127b0f40276c21adac06a433c1947ab56f7f2166135d184dec1162b5071e3037e90
SSDEEP

768:8UEt7dso9+bc7m+S45ii3iiHUM6cST2WENZ3gUpSS:LEZyoE/AtXUbcSSWENdgUV

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

regsvr32.exe

description	pid	process	target process
PID 932 wrote to memory of 1992	932	regsvr32.exe	regsvr32.exe
PID 932 wrote to memory of 1992	932	regsvr32.exe	regsvr32.exe
PID 932 wrote to memory of 1992	932	regsvr32.exe	regsvr32.exe
PID 932 wrote to memory of 1992	932	regsvr32.exe	regsvr32.exe
PID 932 wrote to memory of 1992	932	regsvr32.exe	regsvr32.exe
PID 932 wrote to memory of 1992	932	regsvr32.exe	regsvr32.exe
PID 932 wrote to memory of 1992	932	regsvr32.exe	regsvr32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\custsat.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:932

C:\Windows\SysWOW64\regsvr32.exe
/s C:\Users\Admin\AppData\Local\Temp\custsat.dll
2⤵
PID:1992

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...