84e60fc0350f868ab260f66b48877bdb53c42fae5259f912908c8e0b693360ec | Triage

Analysis

max time kernel
148s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
14/01/2024, 00:56

Sharing

Report Analysis Logs

General

Target

59dadc51b51d95e9d57f3b790261b598.dll
Size

606KB
MD5

59dadc51b51d95e9d57f3b790261b598
SHA1

34e4ca090bb880f9c65a3241c19851e68eddb730
SHA256

84e60fc0350f868ab260f66b48877bdb53c42fae5259f912908c8e0b693360ec
SHA512

40b8157bab783131f28c540ac41bb2dcfbece625624cd07a4df2845bcd46876cfa4f03bfb0059803b847099e2f77709288e6deb7ce2574625cc0dcc24ee3c1bf
SSDEEP

12288:QahE5Bf2HEg5adlfN4i73KpZonEDfXKtojn7B2m:QPDlfP6penEDaSIm

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4784 wrote to memory of 4800	4784	regsvr32.exe	26
PID 4784 wrote to memory of 4800	4784	regsvr32.exe	26
PID 4784 wrote to memory of 4800	4784	regsvr32.exe	26

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\59dadc51b51d95e9d57f3b790261b598.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:4784
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\59dadc51b51d95e9d57f3b790261b598.dll
  2⤵
  PID:4800

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads