f38ff95b79b9590a825c083ad77edb4199ed4cdaf2e19b277bbde52c7d6fbd0f | Triage

Analysis

max time kernel
131s
max time network
140s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
12/01/2024, 12:57

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

5685759a0951773372160c67d5b17e9f.dll
Size

84KB
MD5

5685759a0951773372160c67d5b17e9f
SHA1

f3d1437d0ed048d48a65099ac1b104a80b87f7fb
SHA256

f38ff95b79b9590a825c083ad77edb4199ed4cdaf2e19b277bbde52c7d6fbd0f
SHA512

9d40610f9e22dbd03be254fda189d97d92a9fd5ad4c3b97a18fafab586ffe5fde8660a6429222bf9be1e0045ed9ba759c59fb7407b495193a5deb0d5279378a7
SSDEEP

1536:tgxgMzoZiloOT1J+Eq0jWNAtApf4Sp4V:tgOMEZilV+x2clpp4V

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4940 wrote to memory of 2220	4940	regsvr32.exe	87
PID 4940 wrote to memory of 2220	4940	regsvr32.exe	87
PID 4940 wrote to memory of 2220	4940	regsvr32.exe	87

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\5685759a0951773372160c67d5b17e9f.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:4940
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\5685759a0951773372160c67d5b17e9f.dll
  2⤵
  PID:2220

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2220-0-0x0000000010000000-0x0000000010027000-memory.dmp

Filesize
156KB

Download