4607d7359a69a6e061e38d080a3ddd2c83d7f7b6e22f12ca32b3854970d36603 | Triage

Analysis

max time kernel
149s
max time network
174s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
04/01/2024, 09:27

Sharing

Report Analysis Logs

General

Target

407e2e546e06cade6e773bbc487f1f80.dll
Size

120KB
MD5

407e2e546e06cade6e773bbc487f1f80
SHA1

f350d24770dba7bb4fc4302e0d50d2ac2b1d8d06
SHA256

4607d7359a69a6e061e38d080a3ddd2c83d7f7b6e22f12ca32b3854970d36603
SHA512

2eb90047293bb26494d7c41bf2ec366f53a2c535f33ea20a30f154708f389b6460e8db61b8d6ae1c326e7c0dbefee8923bd0cf090ce73a6df79ffc6a1e73d114
SSDEEP

1536:FkfiN3wFAdDkfiN3wFAdDkfiN3wFAdDkfiN3wFAd:fN3w6N3w6N3w6N3w

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1344 wrote to memory of 3184	1344	regsvr32.exe	89
PID 1344 wrote to memory of 3184	1344	regsvr32.exe	89
PID 1344 wrote to memory of 3184	1344	regsvr32.exe	89

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\407e2e546e06cade6e773bbc487f1f80.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:1344
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\407e2e546e06cade6e773bbc487f1f80.dll
  2⤵
  PID:3184

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads