c63bedfda9eb3560cab1abf0dfa9cab22910db587560d225e57bf9bb28a9a1cf | Triage

Analysis

max time kernel
122s
max time network
149s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
24/12/2023, 14:33

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

0136c0b0598bd69e89f2f03ec7808d30.dll
Size

219KB
MD5

0136c0b0598bd69e89f2f03ec7808d30
SHA1

7495f35c7f66d0327a196a0ed375f51e151b285c
SHA256

c63bedfda9eb3560cab1abf0dfa9cab22910db587560d225e57bf9bb28a9a1cf
SHA512

b0fc5c2d034d904cc914c7abe474ab82b575baf6155c391c204278bc86cba7e25e65a573ba673c6f76a3ab42c3321430c258388451d3818ebe767092dda59dd1
SSDEEP

6144:bnnRxKmTAYhk/iI/ayPuyHGkodbMGjA7:TnXfJ8iI/ayWyHydbM

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2868 wrote to memory of 2672	2868	regsvr32.exe	28
PID 2868 wrote to memory of 2672	2868	regsvr32.exe	28
PID 2868 wrote to memory of 2672	2868	regsvr32.exe	28
PID 2868 wrote to memory of 2672	2868	regsvr32.exe	28
PID 2868 wrote to memory of 2672	2868	regsvr32.exe	28
PID 2868 wrote to memory of 2672	2868	regsvr32.exe	28
PID 2868 wrote to memory of 2672	2868	regsvr32.exe	28

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\0136c0b0598bd69e89f2f03ec7808d30.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2868
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\0136c0b0598bd69e89f2f03ec7808d30.dll
  2⤵
  PID:2672

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2672-0-0x0000000010000000-0x0000000010075000-memory.dmp

Filesize
468KB

Download