16f73fb34fae0f190c150ea6d34209852f8e7a023ce269ec082d9ef3f4375ba1 | Triage

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25/12/2023, 05:26

Sharing

Report Analysis Logs

General

Target

586km.comp222pSearcher910/socket.dll
Size

356KB
MD5

31701526cca8547bada2f05d31aadba6
SHA1

353343e0324fa25c74fa11f2d78c596a5fec6c77
SHA256

4bfb4080d339fff497a46b8312142658af62c23b67e6bbc6d839b798c1e9070d
SHA512

af9dfc848b95ccdcc59dfc6df8d1709a03df321d5c21e925cd691c6acbe459830d2f6c23dec17f8dc36255a5399ac818b8c8e039451f54c4ea562619bc889b4e
SSDEEP

6144:QXreO0Qg8Or9Yi9/4lYxAIbsQO6wVvYs:QI8OfeYx/bsD

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 3032 wrote to memory of 2092	3032	regsvr32.exe	28
PID 3032 wrote to memory of 2092	3032	regsvr32.exe	28
PID 3032 wrote to memory of 2092	3032	regsvr32.exe	28
PID 3032 wrote to memory of 2092	3032	regsvr32.exe	28
PID 3032 wrote to memory of 2092	3032	regsvr32.exe	28
PID 3032 wrote to memory of 2092	3032	regsvr32.exe	28
PID 3032 wrote to memory of 2092	3032	regsvr32.exe	28

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\586km.comp222pSearcher910\socket.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:3032
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\586km.comp222pSearcher910\socket.dll
  2⤵
  PID:2092

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2092-0-0x0000000000340000-0x0000000000396000-memory.dmp

Filesize
344KB

Download