16f73fb34fae0f190c150ea6d34209852f8e7a023ce269ec082d9ef3f4375ba1 | Triage

Analysis

max time kernel
118s
max time network
118s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25-12-2023 05:26

Sharing

Report Analysis Logs

General

Target

586km.comp222pSearcher910/kads.dll
Size

916KB
MD5

cb63c2da5c9a0ff071fae6f3c941962c
SHA1

69eba718b853c1be78db84606affe527c07071f3
SHA256

b9ff8da7db9dd71e57a162c7ec51e36ce3cd2777c740bac98231a75ae9fbbfc6
SHA512

4f6c577635f24968c47499b7228b1d558c9fb21e64756b784db320d71ba39c654d48b24c3d499c149de2da94edef1ae08d037a0e0bdd926c0bbf39c8bfddeb28
SSDEEP

24576:cvBtk1ERCrQ5MQsOL5yka67RWk62tKQWQ2O:c5oEUs5MQsOL7z62tKA1

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 624 wrote to memory of 1880	624	regsvr32.exe	14
PID 624 wrote to memory of 1880	624	regsvr32.exe	14
PID 624 wrote to memory of 1880	624	regsvr32.exe	14
PID 624 wrote to memory of 1880	624	regsvr32.exe	14
PID 624 wrote to memory of 1880	624	regsvr32.exe	14
PID 624 wrote to memory of 1880	624	regsvr32.exe	14
PID 624 wrote to memory of 1880	624	regsvr32.exe	14

C:\Windows\SysWOW64\regsvr32.exe
/s C:\Users\Admin\AppData\Local\Temp\586km.comp222pSearcher910\kads.dll
1⤵
PID:1880

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\586km.comp222pSearcher910\kads.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:624

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1880-0-0x0000000001D60000-0x0000000001DB6000-memory.dmp

Filesize
344KB

Download