089e3222ee1de13d0feb5fab7ec540a3165eb2f6723cff71a68b38d3cf5ab737 | Triage

Analysis

max time kernel
119s
max time network
121s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
31/12/2023, 07:17

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

2d10c881e99453e036b359e67075eb8a.dll
Size

165KB
MD5

2d10c881e99453e036b359e67075eb8a
SHA1

33756f3453cd2cf98fc7e4dc637493b0347b8961
SHA256

089e3222ee1de13d0feb5fab7ec540a3165eb2f6723cff71a68b38d3cf5ab737
SHA512

e61514d8a76a18a0669d301300fca6b3bcdc49dd35d03d6aa423e45d709250b500c4600c579648cd9e4f64702cf9e9c55ae4d202081770445724cc6e403155aa
SSDEEP

3072:0JHRK6t1LklzFJeolW0iV+Q2QWSICRGPRf/t6Zx/A:UJjkpF75ik+WSICRGPR9

Score

5^/10

Malware Config

Signatures

Drops file in System32 directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\WinX86.log	regsvr32.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1276 wrote to memory of 2332	1276	regsvr32.exe	16
PID 1276 wrote to memory of 2332	1276	regsvr32.exe	16
PID 1276 wrote to memory of 2332	1276	regsvr32.exe	16
PID 1276 wrote to memory of 2332	1276	regsvr32.exe	16
PID 1276 wrote to memory of 2332	1276	regsvr32.exe	16
PID 1276 wrote to memory of 2332	1276	regsvr32.exe	16
PID 1276 wrote to memory of 2332	1276	regsvr32.exe	16

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\2d10c881e99453e036b359e67075eb8a.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:1276
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\2d10c881e99453e036b359e67075eb8a.dll
  2⤵
  - Drops file in System32 directory
  PID:2332

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads