e3f12d782d8b40fc3db755270d81a6d268c6c254dab7e126a8f7894a964e65f1 | Triage

Analysis

max time kernel
122s
max time network
126s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
26/12/2023, 16:30

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

7cd5ec790311b4f6928c4b52143e173c.dll
Size

302KB
MD5

7cd5ec790311b4f6928c4b52143e173c
SHA1

3cb4362303f242b611219c216a642e7ff349fac6
SHA256

e3f12d782d8b40fc3db755270d81a6d268c6c254dab7e126a8f7894a964e65f1
SHA512

34e166100112e0e5e211cc2bae706c73aaa408a8803a8576e9833d3b5be275843b790689fc7983f01d8a7d4d73d06289d663b085ce49194fd4bcccd40aaf9890
SSDEEP

6144:u3YjrZlcK1xPEtiy/a74j+SXLTmxx+xNx+xS:u3yr5DEi6a4pX0x+xNx+xS

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2304 wrote to memory of 2396	2304	regsvr32.exe	28
PID 2304 wrote to memory of 2396	2304	regsvr32.exe	28
PID 2304 wrote to memory of 2396	2304	regsvr32.exe	28
PID 2304 wrote to memory of 2396	2304	regsvr32.exe	28
PID 2304 wrote to memory of 2396	2304	regsvr32.exe	28
PID 2304 wrote to memory of 2396	2304	regsvr32.exe	28
PID 2304 wrote to memory of 2396	2304	regsvr32.exe	28

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\7cd5ec790311b4f6928c4b52143e173c.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2304
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\7cd5ec790311b4f6928c4b52143e173c.dll
  2⤵
  PID:2396

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads