a6d10c62061f023e965160e2f9f68ba1528da4c05b44b1e023a60f18ec03d7e6 | Triage

Analysis

max time kernel
119s
max time network
129s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25-12-2023 09:39

Sharing

Report Analysis Logs

General

Target

14c50749f1c4de0baf89895fa7e216b9.dll
Size

128KB
MD5

14c50749f1c4de0baf89895fa7e216b9
SHA1

246ccbea35586b6be7fef1efe9f3d06dee9159a2
SHA256

a6d10c62061f023e965160e2f9f68ba1528da4c05b44b1e023a60f18ec03d7e6
SHA512

09d9b81b87a4384e4690e3bcea135c92223cb70103bf21eb41ef72f1e9617a9ef7a71694328cd82899706f993e3aac51d39f422d3b0e46ae93d7fc770f510e97
SSDEEP

1536:fHLi9qmQh3uQdPiJIgvCrRLt9+Fb2TK/AO6xZ2C:fHL6A3BYIiCdJssca2C

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2500 wrote to memory of 1100	2500	regsvr32.exe	28
PID 2500 wrote to memory of 1100	2500	regsvr32.exe	28
PID 2500 wrote to memory of 1100	2500	regsvr32.exe	28
PID 2500 wrote to memory of 1100	2500	regsvr32.exe	28
PID 2500 wrote to memory of 1100	2500	regsvr32.exe	28
PID 2500 wrote to memory of 1100	2500	regsvr32.exe	28
PID 2500 wrote to memory of 1100	2500	regsvr32.exe	28

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\14c50749f1c4de0baf89895fa7e216b9.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2500
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\14c50749f1c4de0baf89895fa7e216b9.dll
  2⤵
  PID:1100

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1100-0-0x0000000000140000-0x0000000000160000-memory.dmp

Filesize
128KB

Download