68e5caa3f0fd4adc595b1163bf0dd30ca621c5d7a6ad0a20dfa1968346daa3c8 | Triage

Analysis

max time kernel
29s
max time network
33s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
04/06/2023, 02:30

Sharing

Report Analysis Logs

General

Target

1ce30fbd_dll.dll
Size

371KB
MD5

65f35ae4203cf5041a0aaa358dd3d74c
SHA1

ea1f7940271fc80d06b2f222506020b650ad41bc
SHA256

68e5caa3f0fd4adc595b1163bf0dd30ca621c5d7a6ad0a20dfa1968346daa3c8
SHA512

8b641db68560e0ea362eca432fbac7af3ddf2ad8d1601c889785db007b5b8382cb9cac640fb5adb335ff5e5a1f46b530195d21406cb3197d9af30c413a6f85bf
SSDEEP

6144:48BBZH8L3/KoHJh2pgCkiWoOx0nxcCDlX/TNBUnjF444C48t9g4/R/:jBBTY0pl6x0JDlXJBWj/48om/

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1264 wrote to memory of 1628	1264	regsvr32.exe	27
PID 1264 wrote to memory of 1628	1264	regsvr32.exe	27
PID 1264 wrote to memory of 1628	1264	regsvr32.exe	27
PID 1264 wrote to memory of 1628	1264	regsvr32.exe	27
PID 1264 wrote to memory of 1628	1264	regsvr32.exe	27
PID 1264 wrote to memory of 1628	1264	regsvr32.exe	27
PID 1264 wrote to memory of 1628	1264	regsvr32.exe	27

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\1ce30fbd_dll.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:1264
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\1ce30fbd_dll.dll
  2⤵
  PID:1628

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads