68dafa463cd478cdc781dd37351f29ff89d92780836ab3127b1ce6f2fb4a60d5 | Triage

Analysis

max time kernel
122s
max time network
126s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
31-12-2023 00:20

Sharing

Report Analysis Logs

General

Target

217a02ab1421c2622ce8d8b0b86c25c8.dll
Size

30KB
MD5

217a02ab1421c2622ce8d8b0b86c25c8
SHA1

9b8d6fdaf968bf53f1753810f1b8bfc7e4961070
SHA256

68dafa463cd478cdc781dd37351f29ff89d92780836ab3127b1ce6f2fb4a60d5
SHA512

fcf20e2a9d2fd6fd04bc8237b525f37f66ad2dbb609a7e283f4a4505ea1827fee88fb7f0998c843a9b103c172198eb5136afabd1c374a3ab26c7479d16b62d6b
SSDEEP

768:SKSCquFw0GQO/mRsrdpRwwYbg8v4r6dDya5:2CquFw0GQixnwpaqt5

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2232 wrote to memory of 2116	2232	regsvr32.exe	28
PID 2232 wrote to memory of 2116	2232	regsvr32.exe	28
PID 2232 wrote to memory of 2116	2232	regsvr32.exe	28
PID 2232 wrote to memory of 2116	2232	regsvr32.exe	28
PID 2232 wrote to memory of 2116	2232	regsvr32.exe	28
PID 2232 wrote to memory of 2116	2232	regsvr32.exe	28
PID 2232 wrote to memory of 2116	2232	regsvr32.exe	28

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\217a02ab1421c2622ce8d8b0b86c25c8.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2232
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\217a02ab1421c2622ce8d8b0b86c25c8.dll
  2⤵
  PID:2116

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2116-0-0x0000000000130000-0x000000000013D000-memory.dmp

Filesize
52KB

Download