b5ab9a2a12a3a4ad54d96b29d6637538ec0b17e7ea41139959b219872ee42127 | Triage

Analysis

max time kernel
18s
max time network
23s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
10/01/2024, 04:11

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

4f8ba42832eb78694f84bb37713ea444.dll
Size

828KB
MD5

4f8ba42832eb78694f84bb37713ea444
SHA1

dfbc36b8deb1ee8ed232a8450bebe659a0865cbc
SHA256

b5ab9a2a12a3a4ad54d96b29d6637538ec0b17e7ea41139959b219872ee42127
SHA512

c87e5beb836c3d208ab93d6e73862f9178472832ef0513f3480c4bd195c83b7bd0f12f81283cf8bc896d6be63fc95d984110726f08c8ccd674a50f338ccf99cb
SSDEEP

24576:LRTV639rQYuMUClk+9ydQ375FkdlbUv+SKTV5n:LxVaJzWE3wlSs

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2188 wrote to memory of 2412	2188	regsvr32.exe	28
PID 2188 wrote to memory of 2412	2188	regsvr32.exe	28
PID 2188 wrote to memory of 2412	2188	regsvr32.exe	28
PID 2188 wrote to memory of 2412	2188	regsvr32.exe	28
PID 2188 wrote to memory of 2412	2188	regsvr32.exe	28
PID 2188 wrote to memory of 2412	2188	regsvr32.exe	28
PID 2188 wrote to memory of 2412	2188	regsvr32.exe	28

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\4f8ba42832eb78694f84bb37713ea444.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2188
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\4f8ba42832eb78694f84bb37713ea444.dll
  2⤵
  PID:2412

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2412-0-0x0000000001E10000-0x0000000001EEA000-memory.dmp

Filesize
872KB

Download