b54db87fa8067bd7ae5de921404e23da07014909743b873b8f45690a4cb16c7d | Triage

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
30/12/2023, 21:24

Sharing

Report Analysis Logs

General

Target

1ce5729c2386eb7055591b1404adf41e.dll
Size

44KB
MD5

1ce5729c2386eb7055591b1404adf41e
SHA1

45a1985fb7693d06fdf50d2be33ea94954eaf9d1
SHA256

b54db87fa8067bd7ae5de921404e23da07014909743b873b8f45690a4cb16c7d
SHA512

1ef41f463e8d6e69026487ed2cd1736ea551bcff09c92f642f0c953e39dd2b7782286cd20fa9bd14bd5e649a7975dd01de184d135b36dd9bf6f5b0df1dd7c01c
SSDEEP

768:e9ORiDCapkavumGapWMgmXaBnGBf4ygLa1d6:bRJtTmXaBncWLaX6

Score

1^/10

Malware Config

Signatures

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1968	Rundll32.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1968	Rundll32.exe

Suspicious use of WriteProcessMemory 14 IoCs

description	pid	Process	procid_target
PID 2516 wrote to memory of 2956	2516	regsvr32.exe	14
PID 2516 wrote to memory of 2956	2516	regsvr32.exe	14
PID 2516 wrote to memory of 2956	2516	regsvr32.exe	14
PID 2516 wrote to memory of 2956	2516	regsvr32.exe	14
PID 2516 wrote to memory of 2956	2516	regsvr32.exe	14
PID 2516 wrote to memory of 2956	2516	regsvr32.exe	14
PID 2516 wrote to memory of 2956	2516	regsvr32.exe	14
PID 2956 wrote to memory of 1968	2956	regsvr32.exe	17
PID 2956 wrote to memory of 1968	2956	regsvr32.exe	17
PID 2956 wrote to memory of 1968	2956	regsvr32.exe	17
PID 2956 wrote to memory of 1968	2956	regsvr32.exe	17
PID 2956 wrote to memory of 1968	2956	regsvr32.exe	17
PID 2956 wrote to memory of 1968	2956	regsvr32.exe	17
PID 2956 wrote to memory of 1968	2956	regsvr32.exe	17

C:\Windows\SysWOW64\regsvr32.exe
/s C:\Users\Admin\AppData\Local\Temp\1ce5729c2386eb7055591b1404adf41e.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2956
- C:\Windows\SysWOW64\Rundll32.exe
  C:\Windows\system32\Rundll32.exe C:\Users\Admin\AppData\Local\Temp\1ce5729c2386eb7055591b1404adf41e.dll,DllUnregisterServer
  2⤵
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  PID:1968

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\1ce5729c2386eb7055591b1404adf41e.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2516

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads