32868b96c6329705a45c7149dd3e7afcdf058b357e6af339495250658f9a8b59 | Triage

Analysis

max time kernel
114s
max time network
130s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
29/12/2023, 20:48

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

0399bc9ac7682278d607571ef44ae842.dll
Size

27KB
MD5

0399bc9ac7682278d607571ef44ae842
SHA1

fcfbf814073bc6a93a55cc2b9fcf46909b28c8d7
SHA256

32868b96c6329705a45c7149dd3e7afcdf058b357e6af339495250658f9a8b59
SHA512

f7156814aac81ba7df21b6315fc17b02407e3419fe1a4a4c3c86a9e7eef66a5536109131480c0ba471f5b39cba903402ad09ab7e068c5e5858f25088efcd4263
SSDEEP

768:pKSCquFw0GQm+7R4f3dYm8HmPSgdjqJZ70o:bCquFw0GQtSfd5qUSZoo

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4704 wrote to memory of 428	4704	regsvr32.exe	88
PID 4704 wrote to memory of 428	4704	regsvr32.exe	88
PID 4704 wrote to memory of 428	4704	regsvr32.exe	88

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\0399bc9ac7682278d607571ef44ae842.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:4704
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\0399bc9ac7682278d607571ef44ae842.dll
  2⤵
  PID:428

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads