f16785fbc00dcd093c66930925920da4ba0bcc36e4defe6a932fb04483d2817d | Triage

Analysis

max time kernel
122s
max time network
134s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
30-12-2023 04:52

Sharing

Report Analysis Logs

General

Target

0f20baae0732100567d80c6818c8386e.dll
Size

215KB
MD5

0f20baae0732100567d80c6818c8386e
SHA1

2af92a85a1e18a425feacab9fe16c8b3ecb88150
SHA256

f16785fbc00dcd093c66930925920da4ba0bcc36e4defe6a932fb04483d2817d
SHA512

84522bdc733295c819ec2a50c21b64a9a743f430c90eb58d05d2c730af1b26564b9af7dd5018c738ec5df83208b8e8aeb2067c42db2ffab8d4e851c009f5d5c9
SSDEEP

6144:2JiwLX0fHzrjM1eevD8xW6hh3Orxz8hO+:L2EjM8e406CpAO+

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2364 wrote to memory of 2092	2364	regsvr32.exe	28
PID 2364 wrote to memory of 2092	2364	regsvr32.exe	28
PID 2364 wrote to memory of 2092	2364	regsvr32.exe	28
PID 2364 wrote to memory of 2092	2364	regsvr32.exe	28
PID 2364 wrote to memory of 2092	2364	regsvr32.exe	28
PID 2364 wrote to memory of 2092	2364	regsvr32.exe	28
PID 2364 wrote to memory of 2092	2364	regsvr32.exe	28

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\0f20baae0732100567d80c6818c8386e.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2364
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\0f20baae0732100567d80c6818c8386e.dll
  2⤵
  PID:2092

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads