9dfa44846c0f875b678e81ba7958e58e4e157379b59c2b96bbefe63dc2413001 | Triage

Analysis

max time kernel
117s
max time network
121s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
30-12-2023 01:09

Sharing

Report Analysis Logs

General

Target

099e93f35bccc2eac1b496a7ca5c2d67.dll
Size

27KB
MD5

099e93f35bccc2eac1b496a7ca5c2d67
SHA1

d3fbffdc730591a37d90ae0384edf17ab79f5aab
SHA256

9dfa44846c0f875b678e81ba7958e58e4e157379b59c2b96bbefe63dc2413001
SHA512

a26416259b21274be56222bc8399c5c8f07e6a7fb1d0ddc7e913777289663f395d88fd804865ff9e3e15933175c48f37c01822436baee292a1ba2d70efae2a68
SSDEEP

768:1KSCquFw0GQy+7R4f3dgikU9W9ygdj/2swu:vCquFw0GQBSfdbvA97yfu

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 832 wrote to memory of 2488	832	regsvr32.exe	28
PID 832 wrote to memory of 2488	832	regsvr32.exe	28
PID 832 wrote to memory of 2488	832	regsvr32.exe	28
PID 832 wrote to memory of 2488	832	regsvr32.exe	28
PID 832 wrote to memory of 2488	832	regsvr32.exe	28
PID 832 wrote to memory of 2488	832	regsvr32.exe	28
PID 832 wrote to memory of 2488	832	regsvr32.exe	28

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\099e93f35bccc2eac1b496a7ca5c2d67.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:832
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\099e93f35bccc2eac1b496a7ca5c2d67.dll
  2⤵
  PID:2488

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2488-0-0x0000000000170000-0x000000000017D000-memory.dmp

Filesize
52KB

Download