Analysis

  • max time kernel
    165s
  • max time network
    190s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64
    arch:x86
    image:win10v2004-20231215-en
    locale:en-us
    os:windows10-2004-x64
    system
  • submitted
    30-12-2023 20:33

General

  • Target

    1be665f7dec9b43c6227d165325df8c1.dll

  • Size

    157KB

  • MD5

    1be665f7dec9b43c6227d165325df8c1

  • SHA1

    190e679ecd751fabddbbdc1c8caa2be7f9db057a

  • SHA256

    23ce66bcf4f1cff309b32e85548e1105a3fffaba30652083b9c566da034f31ff

  • SHA512

    798cd48b122ce1b5a1a51b550a28aff2e9b43e62e5ff6ac0c5aa6659e5b4cf9b225019d4b5d9e8d3f879625248fca2f4785a2bd0b1a774bb363266890beb1247

  • SSDEEP

    3072:UaaZmaE0AY9rsoaBdNNHbbrMbvT0q8O1cZPzQ7IXMBc+AMP+QfQEhxFyVU7cavvM:Kc0AKc71wvP6bQ7yMP+DE827leK7hu

Score
1/10

Malware Config

Signatures

  • Modifies registry class 13 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\1be665f7dec9b43c6227d165325df8c1.dll
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4452
    • C:\Windows\SysWOW64\regsvr32.exe
      /s C:\Users\Admin\AppData\Local\Temp\1be665f7dec9b43c6227d165325df8c1.dll
      2⤵
      • Modifies registry class
      PID:3868

Network

MITRE ATT&CK Matrix

Downloads

  • memory/3868-0-0x0000000010000000-0x0000000010037000-memory.dmp
    Filesize: 220KB
  • memory/3868-2-0x0000000000E60000-0x0000000000E90000-memory.dmp
    Filesize: 192KB
  • memory/3868-1-0x0000000010000000-0x0000000010037000-memory.dmp
    Filesize: 220KB
  • memory/3868-3-0x0000000000E50000-0x0000000000E53000-memory.dmp
    Filesize: 12KB
  • memory/3868-8-0x00000000027F0000-0x00000000027F1000-memory.dmp
    Filesize: 4KB
  • memory/3868-7-0x0000000002800000-0x0000000002801000-memory.dmp
    Filesize: 4KB
  • memory/3868-6-0x00000000027E0000-0x00000000027E1000-memory.dmp
    Filesize: 4KB
  • memory/3868-5-0x0000000000CA0000-0x0000000000CA1000-memory.dmp
    Filesize: 4KB
  • memory/3868-4-0x0000000000E40000-0x0000000000E41000-memory.dmp
    Filesize: 4KB
  • memory/3868-9-0x00000000027F0000-0x00000000027F1000-memory.dmp
    Filesize: 4KB