187705ffd7c26b278ddc9af5b9a6fec11cc722aa73cc2faa0d4bdc30cf0ad040 | Triage

Analysis

max time kernel
119s
max time network
130s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
12/10/2023, 17:01

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

payload.dll
Size

400.0MB
MD5

bf3478e111a78fe95787810b0b14df2f
SHA1

c46b0acd52996134f8c670863022f785364dc9c9
SHA256

24b2739b4e61c486554efb03e491cff9bde52b5f6bcf785c7784ab77fef9d0b2
SHA512

dc74c821914d49bc5536f7b71d279ecf1b4472fb3095b2853aabdc8b3e4fc1128badbdbdd1e06ee324a3db38d6a3c78054467aa7a51ac76fabe289ef13c819d8
SSDEEP

6144:eUA+z1A+PNVjAz95rop77Qc3YAkLnfKJrH6MuzMy4:eQA/95s7LEW76

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 2832 wrote to memory of 2796	2832	regsvr32.exe	28
PID 2832 wrote to memory of 2796	2832	regsvr32.exe	28
PID 2832 wrote to memory of 2796	2832	regsvr32.exe	28
PID 2832 wrote to memory of 2576	2832	regsvr32.exe	29
PID 2832 wrote to memory of 2576	2832	regsvr32.exe	29
PID 2832 wrote to memory of 2576	2832	regsvr32.exe	29

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\payload.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2832
- C:\Windows\system32\notepad.exe
  notepad.exe
  2⤵
  PID:2796
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2832 -s 292
  2⤵
  PID:2576

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads