b313f70a6ce680947ed27a33c1132cee4f6883c9294e5fb3944a0426da71d675 | Triage

Analysis

max time kernel
117s
max time network
120s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
07/01/2024, 21:37

Sharing

Report Analysis Logs

General

Target

49d57f999058b0e0c1a44b1ef3056543.dll
Size

158KB
MD5

49d57f999058b0e0c1a44b1ef3056543
SHA1

f6886fa1b4182ebd7b6102020fbbed4a31433673
SHA256

b313f70a6ce680947ed27a33c1132cee4f6883c9294e5fb3944a0426da71d675
SHA512

7de2fe70e1a4d38ff67a9ea3b601cacad067c1c9f6861ef1e13689572a4852585e01ead32ae3bac8b1d95f10d9698666ed9919e81552b0023cb4a963a2f3bea1
SSDEEP

3072:46LIAvKfXI2BHbqw9pQCN/jjW2LExvI+C2BH:lLIAifXTrQejjW2LLy

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 3064 wrote to memory of 2644	3064	regsvr32.exe	28
PID 3064 wrote to memory of 2644	3064	regsvr32.exe	28
PID 3064 wrote to memory of 2644	3064	regsvr32.exe	28
PID 3064 wrote to memory of 2644	3064	regsvr32.exe	28
PID 3064 wrote to memory of 2644	3064	regsvr32.exe	28
PID 3064 wrote to memory of 2644	3064	regsvr32.exe	28
PID 3064 wrote to memory of 2644	3064	regsvr32.exe	28

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\49d57f999058b0e0c1a44b1ef3056543.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:3064
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\49d57f999058b0e0c1a44b1ef3056543.dll
  2⤵
  PID:2644

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2644-0-0x00000000001E0000-0x0000000000223000-memory.dmp

Filesize
268KB

Download
memory/2644-1-0x00000000001E0000-0x0000000000223000-memory.dmp

Filesize
268KB

Download