3f403eba529ef2977fb074fe21fa039930af407389afff7d7f09057964c8cb57 | Triage

Analysis

max time kernel
142s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
18/01/2024, 05:17

Sharing

Report Analysis Logs

General

Target

64915871aa9c8ef93d23524df84d5d25.dll
Size

31KB
MD5

64915871aa9c8ef93d23524df84d5d25
SHA1

1939fb13fe407f21eb0cfa22c7e6c0b73cc14ceb
SHA256

3f403eba529ef2977fb074fe21fa039930af407389afff7d7f09057964c8cb57
SHA512

68411a6ad34f1ec7747a9eb228295d0fc123680607e0c032604355dab825e0cd0bd8afadcde83179a56a6a0777053eb435d6d9744978450f1bb3627200c0729c
SSDEEP

768:YKSSquM30GQPCe8jE0ZP0wbLlVsltvhtixplrBA:oSquM30GQPCegtZBsltvh8x

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 5036 wrote to memory of 1996	5036	regsvr32.exe	87
PID 5036 wrote to memory of 1996	5036	regsvr32.exe	87
PID 5036 wrote to memory of 1996	5036	regsvr32.exe	87

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\64915871aa9c8ef93d23524df84d5d25.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:5036
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\64915871aa9c8ef93d23524df84d5d25.dll
  2⤵
  PID:1996

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1996-0-0x0000000000490000-0x000000000049E000-memory.dmp

Filesize
56KB

Download