35c5a5e346165977966ed3e99c9b3b9ce6f90bcdc9c2ac93e8d7a4d36b2752bb | Triage

Analysis

max time kernel
121s
max time network
127s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
11-10-2023 17:30

Sharing

Report Analysis Logs

General

Target

a32big.dll
Size

330KB
MD5

f88e4c4123ba6fd6299b74e989711db9
SHA1

48887432c6ed10ae38018f20767731692f48ff71
SHA256

35c5a5e346165977966ed3e99c9b3b9ce6f90bcdc9c2ac93e8d7a4d36b2752bb
SHA512

751613ec6383753d551471073fd801a98710734a93ee0573284ac8cf5adba1f517418466ed4b2268ab067ea950afdf608b2246c2b7effca88e1914bdf82b303e
SSDEEP

6144:URXweGsCLH2mMnpyxT5oz9QVAG5e4ZIrA/qTX1pGlMNzhMY:QZNCqJkTocs4ZIzGlwzhMY

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1732 wrote to memory of 2044	1732	regsvr32.exe	28
PID 1732 wrote to memory of 2044	1732	regsvr32.exe	28
PID 1732 wrote to memory of 2044	1732	regsvr32.exe	28
PID 1732 wrote to memory of 2044	1732	regsvr32.exe	28
PID 1732 wrote to memory of 2044	1732	regsvr32.exe	28
PID 1732 wrote to memory of 2044	1732	regsvr32.exe	28
PID 1732 wrote to memory of 2044	1732	regsvr32.exe	28

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\a32big.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:1732
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\a32big.dll
  2⤵
  PID:2044

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads