d003cefefcb37d7400b6d5a7a2d60528a1437471c2bcff4ce142ac8a18c2b165 | Triage

Analysis

max time kernel
144s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
25-12-2023 05:57

Sharing

Report Analysis Logs

General

Target

09c08cff3f81039a4289a0db3c9f3abb.dll
Size

128KB
MD5

09c08cff3f81039a4289a0db3c9f3abb
SHA1

28dad75fcbd7eb6950d8775b1ec4f5e0069dadfa
SHA256

d003cefefcb37d7400b6d5a7a2d60528a1437471c2bcff4ce142ac8a18c2b165
SHA512

d6d6cc74531f8b3b30ebf7524e06b83c6c2a3be99121a18513116f0ebaed89d9ff8cd7798cdf38218d2d99f15bf1a344c61e6def8298d08db66bf485cd64a3f9
SSDEEP

1536:8JqYQw0QByS5A8i2li95fpFv7ezKMTlCkPm3f:+BbYS5A/2iT4lC5P

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 5088 wrote to memory of 2348	5088	regsvr32.exe	89
PID 5088 wrote to memory of 2348	5088	regsvr32.exe	89
PID 5088 wrote to memory of 2348	5088	regsvr32.exe	89

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\09c08cff3f81039a4289a0db3c9f3abb.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:5088
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\09c08cff3f81039a4289a0db3c9f3abb.dll
  2⤵
  PID:2348

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2348-0-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download