84e60fc0350f868ab260f66b48877bdb53c42fae5259f912908c8e0b693360ec | Triage

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
14/01/2024, 00:56

Sharing

Report Analysis Logs

General

Target

59dadc51b51d95e9d57f3b790261b598.dll
Size

606KB
MD5

59dadc51b51d95e9d57f3b790261b598
SHA1

34e4ca090bb880f9c65a3241c19851e68eddb730
SHA256

84e60fc0350f868ab260f66b48877bdb53c42fae5259f912908c8e0b693360ec
SHA512

40b8157bab783131f28c540ac41bb2dcfbece625624cd07a4df2845bcd46876cfa4f03bfb0059803b847099e2f77709288e6deb7ce2574625cc0dcc24ee3c1bf
SSDEEP

12288:QahE5Bf2HEg5adlfN4i73KpZonEDfXKtojn7B2m:QPDlfP6penEDaSIm

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1252 wrote to memory of 2348	1252	regsvr32.exe	28
PID 1252 wrote to memory of 2348	1252	regsvr32.exe	28
PID 1252 wrote to memory of 2348	1252	regsvr32.exe	28
PID 1252 wrote to memory of 2348	1252	regsvr32.exe	28
PID 1252 wrote to memory of 2348	1252	regsvr32.exe	28
PID 1252 wrote to memory of 2348	1252	regsvr32.exe	28
PID 1252 wrote to memory of 2348	1252	regsvr32.exe	28

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\59dadc51b51d95e9d57f3b790261b598.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:1252
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\59dadc51b51d95e9d57f3b790261b598.dll
  2⤵
  PID:2348

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads