f9249dcbe4ee1fb7f07c1d4ef91f8825081edcaf39c47d7ac261d27d31d6569f | Triage

Analysis

max time kernel
144s
max time network
118s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
30-12-2023 01:54

Sharing

Report Analysis Logs

General

Target

0acaa159393b959b2e78cdb1d523c975.dll
Size

27KB
MD5

0acaa159393b959b2e78cdb1d523c975
SHA1

1ee54b9635881cba4d60b5574f4f0710656e0af9
SHA256

f9249dcbe4ee1fb7f07c1d4ef91f8825081edcaf39c47d7ac261d27d31d6569f
SHA512

fea9ac1e4811ddb5bf5a94dc94144d791ffea4b63f8d315b0d62c84ee7a10970231b3a6e1aa54a44a85e5b20f7879ed815872d5259a1ca9e676d1f5e26fef6af
SSDEEP

768:UKSCquFw0GQy+7R4f3dbyW5OBXdF/oLC8:8CquFw0GQBSfdz5+Nue8

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4364 wrote to memory of 1636	4364	regsvr32.exe	15
PID 4364 wrote to memory of 1636	4364	regsvr32.exe	15
PID 4364 wrote to memory of 1636	4364	regsvr32.exe	15

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\0acaa159393b959b2e78cdb1d523c975.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:4364
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\0acaa159393b959b2e78cdb1d523c975.dll
  2⤵
  PID:1636

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads