9a6b2a199af672934bc1de34dd9c668bbe5106c3d6e4889cf2c8170ad4f9d2f6 | Triage

Analysis

max time kernel
193s
max time network
205s
platform
windows10-1703_x64
resource
win10-20231215-en
resource tags

arch:x64arch:x86image:win10-20231215-enlocale:en-usos:windows10-1703-x64system
submitted
07-01-2024 02:48

Sharing

Report Analysis Logs

General

Target

840000.dll
Size

28KB
MD5

6787927b005c1705d5b5c20278d4e6c0
SHA1

3454b0aa14a67e3d833f1141b39cc6b8b487a0d4
SHA256

9a6b2a199af672934bc1de34dd9c668bbe5106c3d6e4889cf2c8170ad4f9d2f6
SHA512

9afd534da51317a63b2751b8d31e248cd29d732e3b27c048ac9578bb6a1e3c59a670bb4e593d3ccb2b43379279e9d0968ed3b720aa71753ea20ddb64f7df74bd
SSDEEP

384:Jci7KqJESXvZioqMWFDNslwKYmS1NN6AmU4tbZRB:JF1DvZioEM06AmUSB

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2208	regsvr32.exe
2208	regsvr32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2808 wrote to memory of 2208	2808	regsvr32.exe	72
PID 2808 wrote to memory of 2208	2808	regsvr32.exe	72
PID 2808 wrote to memory of 2208	2808	regsvr32.exe	72

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\840000.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2808
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\840000.dll
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2208

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads