51408761cba4ac9f4e04ee265540c929078ceb94568a547fe7bbc34071f298cc | Triage

Analysis

max time kernel
120s
max time network
126s
platform
windows7_x64
resource
win7-20231025-en
resource tags

arch:x64arch:x86image:win7-20231025-enlocale:en-usos:windows7-x64system
submitted
14/11/2023, 14:38

Sharing

Report Analysis Logs

General

Target

133.dll
Size

1.9MB
MD5

fe4b5c56b9b92ce8cbbc3ae5a192f625
SHA1

4821608044922737424e5b1c17592215a2a4aca1
SHA256

51408761cba4ac9f4e04ee265540c929078ceb94568a547fe7bbc34071f298cc
SHA512

4200d72f87e4e4b9f2955df4aa8bcfb7b27d83f2fac78d9723119bb650f0a8b04cb126c69b4b143afb62c4f56327f878276d31023bd65d5602b8c341d431bcb3
SSDEEP

49152:Y1+E6+bmEDLmHVfCM1RnqAqds7qHu6gm6vFO4xsdisAu:Yb1JDLm1fCM1pqAqdsGHu6g7Y

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2596 wrote to memory of 2040	2596	regsvr32.exe	28
PID 2596 wrote to memory of 2040	2596	regsvr32.exe	28
PID 2596 wrote to memory of 2040	2596	regsvr32.exe	28
PID 2596 wrote to memory of 2040	2596	regsvr32.exe	28
PID 2596 wrote to memory of 2040	2596	regsvr32.exe	28
PID 2596 wrote to memory of 2040	2596	regsvr32.exe	28
PID 2596 wrote to memory of 2040	2596	regsvr32.exe	28

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\133.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2596
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\133.dll
  2⤵
  PID:2040

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads