e5fec250b258d34afd73468e368e496dd63b42c1afdb4b51578aa98d343b7a94 | Triage

Analysis

max time kernel
92s
max time network
122s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
25/12/2023, 11:09

Sharing

Report Analysis Logs

General

Target

ISSetup.dll
Size

528KB
MD5

234b69de40636a55db2626dddb52a27a
SHA1

e401cbc8c8f622cc07d492e4417a9e6ccf51c708
SHA256

948fd89e111d988ed3f6d5e9d5fa17a20ad1f30a3cc7e444a47c111e42198570
SHA512

4cb2f382d2803069521e2c209cf9f86628d4379ed69b43bae49bf9d42bb844ede79eb5f00fcee9795f7fb0e10882f710866f68d9dcd86851f29fbd3e4bef7a66
SSDEEP

12288:AyF3SrUVaX7zyCyHHjDLLhSuZhqVSNlw8XkMgrNGZ:AyF3Sr0aiC4vhSOhGSvbxgrAZ

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2992 wrote to memory of 4572	2992	regsvr32.exe	15
PID 2992 wrote to memory of 4572	2992	regsvr32.exe	15
PID 2992 wrote to memory of 4572	2992	regsvr32.exe	15

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\ISSetup.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2992
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\ISSetup.dll
  2⤵
  PID:4572

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4572-1-0x00000000013D0000-0x00000000013D2000-memory.dmp

Filesize
8KB

Download
memory/4572-0-0x0000000010000000-0x0000000010191000-memory.dmp

Filesize
1.6MB

Download