17e08db61a461a1e05fac84514f56e7aad0447ec029cfea50a4b623dd458ae8d | Triage

Analysis

max time kernel
119s
max time network
123s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
31/12/2023, 01:02

Sharing

Report Analysis Logs

General

Target

227db4adac6685b207e76b6e85b49e10.dll
Size

33KB
MD5

227db4adac6685b207e76b6e85b49e10
SHA1

6924a0d8c4b11484ef00b15626550f0cc7932631
SHA256

17e08db61a461a1e05fac84514f56e7aad0447ec029cfea50a4b623dd458ae8d
SHA512

fbca89a9fc396a476432eef8a9e7b987871351d79559946a9c442fdc5a2d6b59407f72d6b7334095735ab6713eee2a8f4ecd52967cf47a968a224939a54a30b2
SSDEEP

768:yoiiqZOHZQhnSPCONTqJqTJWk1Hdste+tIrgX:yviqZiZQhAZTjTJWk1Hd8rX

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2916 wrote to memory of 2804	2916	regsvr32.exe	28
PID 2916 wrote to memory of 2804	2916	regsvr32.exe	28
PID 2916 wrote to memory of 2804	2916	regsvr32.exe	28
PID 2916 wrote to memory of 2804	2916	regsvr32.exe	28
PID 2916 wrote to memory of 2804	2916	regsvr32.exe	28
PID 2916 wrote to memory of 2804	2916	regsvr32.exe	28
PID 2916 wrote to memory of 2804	2916	regsvr32.exe	28

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\227db4adac6685b207e76b6e85b49e10.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2916
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\227db4adac6685b207e76b6e85b49e10.dll
  2⤵
  PID:2804

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2804-0-0x00000000001C0000-0x00000000001CE000-memory.dmp

Filesize
56KB

Download