4607d7359a69a6e061e38d080a3ddd2c83d7f7b6e22f12ca32b3854970d36603 | Triage

Analysis

max time kernel
122s
max time network
128s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
04/01/2024, 09:27

Sharing

Report Analysis Logs

General

Target

407e2e546e06cade6e773bbc487f1f80.dll
Size

120KB
MD5

407e2e546e06cade6e773bbc487f1f80
SHA1

f350d24770dba7bb4fc4302e0d50d2ac2b1d8d06
SHA256

4607d7359a69a6e061e38d080a3ddd2c83d7f7b6e22f12ca32b3854970d36603
SHA512

2eb90047293bb26494d7c41bf2ec366f53a2c535f33ea20a30f154708f389b6460e8db61b8d6ae1c326e7c0dbefee8923bd0cf090ce73a6df79ffc6a1e73d114
SSDEEP

1536:FkfiN3wFAdDkfiN3wFAdDkfiN3wFAdDkfiN3wFAd:fN3w6N3w6N3w6N3w

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2312 wrote to memory of 2264	2312	regsvr32.exe	28
PID 2312 wrote to memory of 2264	2312	regsvr32.exe	28
PID 2312 wrote to memory of 2264	2312	regsvr32.exe	28
PID 2312 wrote to memory of 2264	2312	regsvr32.exe	28
PID 2312 wrote to memory of 2264	2312	regsvr32.exe	28
PID 2312 wrote to memory of 2264	2312	regsvr32.exe	28
PID 2312 wrote to memory of 2264	2312	regsvr32.exe	28

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\407e2e546e06cade6e773bbc487f1f80.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2312
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\407e2e546e06cade6e773bbc487f1f80.dll
  2⤵
  PID:2264

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2264-0-0x00000000000D0000-0x00000000000DD000-memory.dmp

Filesize
52KB

Download