4fda6e3971744a7a420e1b2d8fda7967368188809d993823f8e8796057ae2aa4 | Triage

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
28/12/2023, 23:00

Sharing

Report Analysis Logs

General

Target

fe7ca2d703e65eda65fd44bc760b577e.dll
Size

174KB
MD5

fe7ca2d703e65eda65fd44bc760b577e
SHA1

bcc63ea84ac5ddca1aedcd6ccb28436525d2bd36
SHA256

4fda6e3971744a7a420e1b2d8fda7967368188809d993823f8e8796057ae2aa4
SHA512

9fe8632afc81eeadc9f142babbf7b7df2c5d988e3e0333cf4d7336bcb91f7d3e0c1145ff9d0edcd52035b70de40788a69d2241c176699ad6785926bc1cf438b2
SSDEEP

3072:RjHaUoF1nFdKOMkqjMCoFBZG5dk4OM9Ovf:Rj6U7rkFl/M9Ovf

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 624 wrote to memory of 2896	624	regsvr32.exe	14
PID 624 wrote to memory of 2896	624	regsvr32.exe	14
PID 624 wrote to memory of 2896	624	regsvr32.exe	14
PID 624 wrote to memory of 2896	624	regsvr32.exe	14
PID 624 wrote to memory of 2896	624	regsvr32.exe	14
PID 624 wrote to memory of 2896	624	regsvr32.exe	14
PID 624 wrote to memory of 2896	624	regsvr32.exe	14

C:\Windows\SysWOW64\regsvr32.exe
/s C:\Users\Admin\AppData\Local\Temp\fe7ca2d703e65eda65fd44bc760b577e.dll
1⤵
PID:2896

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\fe7ca2d703e65eda65fd44bc760b577e.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:624

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads