4db0ee0d1eca0eebb7c2fa24523aa545f4a048b43e4221424a2a70a75cd782b1 | Triage

Analysis

max time kernel
147s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
24/12/2023, 17:58

Sharing

Report Analysis Logs

General

Target

09fe9a35b5e6fd3a4c52efcce70e52ef.dll
Size

137KB
MD5

09fe9a35b5e6fd3a4c52efcce70e52ef
SHA1

9a3a4c74230f58e76a7da6de119a4299661a733c
SHA256

4db0ee0d1eca0eebb7c2fa24523aa545f4a048b43e4221424a2a70a75cd782b1
SHA512

f44a8278155bd41afb528e3ff8569916c03b4eea326185b84afd09090b80cc25b78395419ba0fabe10d9a62d94bcde6f41f376dae7332f2c0dd63be00e74752a
SSDEEP

3072:zva6tOSk4eJw6BBO/ku0pBTNBoJ5Pn2+mfyGlzJ:DPAd4uJTuOPae+kJ

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3080 wrote to memory of 4260	3080	regsvr32.exe	89
PID 3080 wrote to memory of 4260	3080	regsvr32.exe	89
PID 3080 wrote to memory of 4260	3080	regsvr32.exe	89

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\09fe9a35b5e6fd3a4c52efcce70e52ef.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:3080
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\09fe9a35b5e6fd3a4c52efcce70e52ef.dll
  2⤵
  PID:4260

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads