56475195458337d8cec242c19941bc5490533ecce7a1f1ddfc7dcf1cfecb4276 | Triage

Analysis

max time kernel
141s
max time network
190s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
29/12/2023, 23:20

Sharing

Report Analysis Logs

General

Target

06bcdb8b2980bb1f78fe519a7b4e4875.dll
Size

220KB
MD5

06bcdb8b2980bb1f78fe519a7b4e4875
SHA1

eaa501c72337e24c82d77a6bc3c51108844c10e1
SHA256

56475195458337d8cec242c19941bc5490533ecce7a1f1ddfc7dcf1cfecb4276
SHA512

f52493eb145ef32c41610a01c349687bbf81858a5e2f4bb22ecc29ac2d28c8fa2f1a48c78bb641fdf38165b669bdc44a7fdf64cab9bcee7ac556997f9bf01171
SSDEEP

6144:97Ir0r7Ir0r7Ir0r7Ir0r7Ir0r7Ir0r7Ir0:9c2c2c2c2c2c2c

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3948 wrote to memory of 4964	3948	regsvr32.exe	87
PID 3948 wrote to memory of 4964	3948	regsvr32.exe	87
PID 3948 wrote to memory of 4964	3948	regsvr32.exe	87

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\06bcdb8b2980bb1f78fe519a7b4e4875.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:3948
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\06bcdb8b2980bb1f78fe519a7b4e4875.dll
  2⤵
  PID:4964

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads