43e5ede6f0ba1a3549712f00870a0bc0ebf5131991e790509133b1f8da965a86 | Triage

Analysis

max time kernel
122s
max time network
129s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
24/12/2023, 18:21

Sharing

Report Analysis Logs

General

Target

0b7772da26c0a250bcd315a4a26dc216.dll
Size

844KB
MD5

0b7772da26c0a250bcd315a4a26dc216
SHA1

0188b407d4087c0b078ce9b20327fa155c451ab7
SHA256

43e5ede6f0ba1a3549712f00870a0bc0ebf5131991e790509133b1f8da965a86
SHA512

64152c43a5bdbe710f6d6f2cec04f4b4a997ddc6e8a693a6e57390e189c6bc27f57b82dc0cca900c427905fa409df5d1b5dcc2b2ec651fa64d71dbb44c660e92
SSDEEP

12288:6FVKRgN5GxZ73UI1koIAqCcQ6RrxfUTUoYlsqg8Iv:2qgN5APJR6RNcTxYOqG

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2108 wrote to memory of 2496	2108	regsvr32.exe	28
PID 2108 wrote to memory of 2496	2108	regsvr32.exe	28
PID 2108 wrote to memory of 2496	2108	regsvr32.exe	28
PID 2108 wrote to memory of 2496	2108	regsvr32.exe	28
PID 2108 wrote to memory of 2496	2108	regsvr32.exe	28
PID 2108 wrote to memory of 2496	2108	regsvr32.exe	28
PID 2108 wrote to memory of 2496	2108	regsvr32.exe	28

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\0b7772da26c0a250bcd315a4a26dc216.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2108
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\0b7772da26c0a250bcd315a4a26dc216.dll
  2⤵
  PID:2496

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads