670e3d3e99d2aca498fa520e4058c802bcc2600ebe31748e0b19cba0f4ae58b4 | Triage

Analysis

max time kernel
120s
max time network
125s
platform
windows7_x64
resource
win7-20231023-en
resource tags

arch:x64arch:x86image:win7-20231023-enlocale:en-usos:windows7-x64system
submitted
22-11-2023 05:56

Sharing

Report Analysis Logs

General

Target

msncore.dll
Size

991KB
MD5

345602a639102f099a4a269cfb0becc9
SHA1

6f6c334c25bb2f3a7e5cbf989f95124d79eb576c
SHA256

954671bdd5d66a94d4f86e7f727da2ab4195009b0132d079ae908cf6966d245b
SHA512

d7e0be63a6eb2afcab32466d82af5eb87beb2e5e989ef407c7058e2b010b361322343ec6800d351c61d893b69a71e3865f51e974dad076e6679bca8254d6a8cd
SSDEEP

12288:9I4v4jlJ3DBct3wTjlnkwMR8iE0IC+NwlSTLRVDRmot3kWg9/6WfK:93t3wVkwm89FC+NUSTVV9mot3kr6WfK

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2456 wrote to memory of 2876	2456	regsvr32.exe	28
PID 2456 wrote to memory of 2876	2456	regsvr32.exe	28
PID 2456 wrote to memory of 2876	2456	regsvr32.exe	28
PID 2456 wrote to memory of 2876	2456	regsvr32.exe	28
PID 2456 wrote to memory of 2876	2456	regsvr32.exe	28
PID 2456 wrote to memory of 2876	2456	regsvr32.exe	28
PID 2456 wrote to memory of 2876	2456	regsvr32.exe	28

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\msncore.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2456
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\msncore.dll
  2⤵
  PID:2876

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2876-0-0x0000000000A10000-0x0000000000A17000-memory.dmp

Filesize
28KB

Download