786e6c2c063fe0e927389983fa21f53a3475be7ab478cc28300f6bf055ad368a | Triage

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
26-12-2023 11:56

Sharing

Report Analysis Logs

General

Target

6c844256b1db6a6ff19b3d12df629ae3.dll
Size

128KB
MD5

6c844256b1db6a6ff19b3d12df629ae3
SHA1

e3fb2e4d1adf41fd5f9d4fc0b9effe42337606cc
SHA256

786e6c2c063fe0e927389983fa21f53a3475be7ab478cc28300f6bf055ad368a
SHA512

9a7d93c5fb8b35c69daefc4900f36ec5dfc3ff360f13f5493b772e8fda0ab1548cbba378f6916fcc37176affd9aa8fa8c743c65406594f99f03230f3a442df56
SSDEEP

1536:0JqYQw0QByS5A8i2li95fpFg7ezKMTlCkPm3Z:WBbYS5A/2ik4lC5J

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2940 wrote to memory of 2816	2940	regsvr32.exe	28
PID 2940 wrote to memory of 2816	2940	regsvr32.exe	28
PID 2940 wrote to memory of 2816	2940	regsvr32.exe	28
PID 2940 wrote to memory of 2816	2940	regsvr32.exe	28
PID 2940 wrote to memory of 2816	2940	regsvr32.exe	28
PID 2940 wrote to memory of 2816	2940	regsvr32.exe	28
PID 2940 wrote to memory of 2816	2940	regsvr32.exe	28

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\6c844256b1db6a6ff19b3d12df629ae3.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2940
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\6c844256b1db6a6ff19b3d12df629ae3.dll
  2⤵
  PID:2816

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2816-0-0x0000000000300000-0x0000000000320000-memory.dmp

Filesize
128KB

Download