7dd92005474b60082f4e7cea7ae0564f26b2bc0c37bcc89dd5729cfbf171fb2a | Triage

Analysis

max time kernel
122s
max time network
127s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
05-01-2024 10:42

Sharing

Report Analysis Logs

General

Target

437a668b48a0d0228cf4fb588fe09cd1.dll
Size

84KB
MD5

437a668b48a0d0228cf4fb588fe09cd1
SHA1

3661979d5b1ab372d40c03fa1919e2ed66032e7a
SHA256

7dd92005474b60082f4e7cea7ae0564f26b2bc0c37bcc89dd5729cfbf171fb2a
SHA512

f9e1dc75bdefcc38e0a1cbf03f5369ab7f26cde37c2c78edf453c79a6160aa7fe50eba7a70bec4704de2a2caf58314936242a6ff5f3840b5f11329bf1ead4a8d
SSDEEP

1536:bA4yklp25wMKKICS4A+UoJHYJWLadIQrUs5q:bA2iIsUodYJ5dxz5q

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2416 wrote to memory of 2720	2416	regsvr32.exe	28
PID 2416 wrote to memory of 2720	2416	regsvr32.exe	28
PID 2416 wrote to memory of 2720	2416	regsvr32.exe	28
PID 2416 wrote to memory of 2720	2416	regsvr32.exe	28
PID 2416 wrote to memory of 2720	2416	regsvr32.exe	28
PID 2416 wrote to memory of 2720	2416	regsvr32.exe	28
PID 2416 wrote to memory of 2720	2416	regsvr32.exe	28

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\437a668b48a0d0228cf4fb588fe09cd1.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2416
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\437a668b48a0d0228cf4fb588fe09cd1.dll
  2⤵
  PID:2720

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads