c61e4c0118c0dba1f873eaf10dd59d7fdbddb5b11d8e110b0b025ed48c583db2 | Triage

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
25/12/2023, 03:17

Sharing

Report Analysis Logs

General

Target

02706f344cf3081e7cc6b7b919c6076e.dll
Size

247KB
MD5

02706f344cf3081e7cc6b7b919c6076e
SHA1

5760e2b5eaf99c04011345e746d8213d93264d47
SHA256

c61e4c0118c0dba1f873eaf10dd59d7fdbddb5b11d8e110b0b025ed48c583db2
SHA512

db385f35343671bde120510f36fddc8eded1985b07670a046f46692e4d54d7f8c242b0c41a7e7b43e54c12561e095dee4b9313cd67d84e5127e98cb8b1f84b2c
SSDEEP

6144:NTtEnEolsk7BPXS5Es2ATbwikeJC3CADzEI0cm:NTSEolhaEbAA9m6CwU

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2824 wrote to memory of 2856	2824	regsvr32.exe	14
PID 2824 wrote to memory of 2856	2824	regsvr32.exe	14
PID 2824 wrote to memory of 2856	2824	regsvr32.exe	14
PID 2824 wrote to memory of 2856	2824	regsvr32.exe	14
PID 2824 wrote to memory of 2856	2824	regsvr32.exe	14
PID 2824 wrote to memory of 2856	2824	regsvr32.exe	14
PID 2824 wrote to memory of 2856	2824	regsvr32.exe	14

C:\Windows\SysWOW64\regsvr32.exe
/s C:\Users\Admin\AppData\Local\Temp\02706f344cf3081e7cc6b7b919c6076e.dll
1⤵
PID:2856

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\02706f344cf3081e7cc6b7b919c6076e.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2824

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2856-0-0x0000000004190000-0x00000000041E5000-memory.dmp

Filesize
340KB

Download