c1819663eb544770743f79992927185cf1d3fd07aa07345893318791f5755698 | Triage

Analysis

max time kernel
122s
max time network
127s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
26-12-2023 16:31

Sharing

Report Analysis Logs

General

Target

7ce123e9571efc0cc33f6a2c1f25af74.dll
Size

100KB
MD5

7ce123e9571efc0cc33f6a2c1f25af74
SHA1

5b1a3c4a510c9d3b24b56ec741819c27751d0c84
SHA256

c1819663eb544770743f79992927185cf1d3fd07aa07345893318791f5755698
SHA512

aaaf029872001cdd2b8ed9706310a21b483750a3a3ea192d8682ae78ba97e8ec51ae1e11d46855c07839d77cefe10b23cf6cdea7c4f4f20225fff710ab19f2e6
SSDEEP

3072:MuVzYJlTPrE1WoCELHAM6Xj4biGBmUkUk:f5YTTPrEwoCELHAL4RfkU

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2432 wrote to memory of 2832	2432	regsvr32.exe	28
PID 2432 wrote to memory of 2832	2432	regsvr32.exe	28
PID 2432 wrote to memory of 2832	2432	regsvr32.exe	28
PID 2432 wrote to memory of 2832	2432	regsvr32.exe	28
PID 2432 wrote to memory of 2832	2432	regsvr32.exe	28
PID 2432 wrote to memory of 2832	2432	regsvr32.exe	28
PID 2432 wrote to memory of 2832	2432	regsvr32.exe	28

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\7ce123e9571efc0cc33f6a2c1f25af74.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2432
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\7ce123e9571efc0cc33f6a2c1f25af74.dll
  2⤵
  PID:2832

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2832-0-0x0000000000200000-0x0000000000247000-memory.dmp

Filesize
284KB

Download
memory/2832-1-0x0000000000200000-0x0000000000247000-memory.dmp

Filesize
284KB

Download