f9249dcbe4ee1fb7f07c1d4ef91f8825081edcaf39c47d7ac261d27d31d6569f | Triage

Analysis

max time kernel
121s
max time network
123s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
30-12-2023 01:54

Sharing

Report Analysis Logs

General

Target

0acaa159393b959b2e78cdb1d523c975.dll
Size

27KB
MD5

0acaa159393b959b2e78cdb1d523c975
SHA1

1ee54b9635881cba4d60b5574f4f0710656e0af9
SHA256

f9249dcbe4ee1fb7f07c1d4ef91f8825081edcaf39c47d7ac261d27d31d6569f
SHA512

fea9ac1e4811ddb5bf5a94dc94144d791ffea4b63f8d315b0d62c84ee7a10970231b3a6e1aa54a44a85e5b20f7879ed815872d5259a1ca9e676d1f5e26fef6af
SSDEEP

768:UKSCquFw0GQy+7R4f3dbyW5OBXdF/oLC8:8CquFw0GQBSfdz5+Nue8

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2928 wrote to memory of 3032	2928	regsvr32.exe	28
PID 2928 wrote to memory of 3032	2928	regsvr32.exe	28
PID 2928 wrote to memory of 3032	2928	regsvr32.exe	28
PID 2928 wrote to memory of 3032	2928	regsvr32.exe	28
PID 2928 wrote to memory of 3032	2928	regsvr32.exe	28
PID 2928 wrote to memory of 3032	2928	regsvr32.exe	28
PID 2928 wrote to memory of 3032	2928	regsvr32.exe	28

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\0acaa159393b959b2e78cdb1d523c975.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2928
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\0acaa159393b959b2e78cdb1d523c975.dll
  2⤵
  PID:3032

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads