8d5e46525daad8c60806cc97130bc73ad0533769bb5ed59d05209a9119449b4f | Triage

Analysis

max time kernel
149s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
30-12-2023 01:21

Sharing

Report Analysis Logs

General

Target

09eb0a7c6089a1f2a4a3ea5d6740b35a.dll
Size

39KB
MD5

09eb0a7c6089a1f2a4a3ea5d6740b35a
SHA1

c0d86622efb7217aa7974c6f82d9f4454cb6cabe
SHA256

8d5e46525daad8c60806cc97130bc73ad0533769bb5ed59d05209a9119449b4f
SHA512

301aa6cc9303083f7149909d4b33af182f5aec0348b81b65e9b403efd0b71a236a7628889dfe3e3748958689ea6166c9e64d043d3273d1abd109f9e898ea68dd
SSDEEP

768:3UVP+wH8TUrXUwYlwm1Rgg5MPZVAXuMsjDCpeti:3aWwH4UrXLY91Kg5MPoehDc6

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2544 wrote to memory of 1472	2544	regsvr32.exe	49
PID 2544 wrote to memory of 1472	2544	regsvr32.exe	49
PID 2544 wrote to memory of 1472	2544	regsvr32.exe	49

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\09eb0a7c6089a1f2a4a3ea5d6740b35a.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2544
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\09eb0a7c6089a1f2a4a3ea5d6740b35a.dll
  2⤵
  PID:1472

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads