ca8037eac6178485e8d8615aa4adf2046375d8c47869647a4f7a2977055931c4 | Triage

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25-01-2024 16:50

Sharing

Report Analysis Logs

General

Target

7502c51fe39a1235cf78293924d164d1.dll
Size

261KB
MD5

7502c51fe39a1235cf78293924d164d1
SHA1

bbeaeab8ca553ae0d5b7e18788989f53a1339cf9
SHA256

ca8037eac6178485e8d8615aa4adf2046375d8c47869647a4f7a2977055931c4
SHA512

136995e2ab2f197b938940cdb519c715221739008a2d1ca5a48f898324fe2b9ffbf2815b48901cb3f46d3fabb253116199c2d5653ebd680553a6c10d3cd9c631
SSDEEP

3072:EXCpQIg4lC6msvBlenXv2JwmdMNdSdEnhhc+3+:EXr/si/aShc+3+

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

regsvr32.exe

description	pid	process	target process
PID 2380 wrote to memory of 3048	2380	regsvr32.exe	regsvr32.exe
PID 2380 wrote to memory of 3048	2380	regsvr32.exe	regsvr32.exe
PID 2380 wrote to memory of 3048	2380	regsvr32.exe	regsvr32.exe
PID 2380 wrote to memory of 3048	2380	regsvr32.exe	regsvr32.exe
PID 2380 wrote to memory of 3048	2380	regsvr32.exe	regsvr32.exe
PID 2380 wrote to memory of 3048	2380	regsvr32.exe	regsvr32.exe
PID 2380 wrote to memory of 3048	2380	regsvr32.exe	regsvr32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\7502c51fe39a1235cf78293924d164d1.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2380

C:\Windows\SysWOW64\regsvr32.exe
/s C:\Users\Admin\AppData\Local\Temp\7502c51fe39a1235cf78293924d164d1.dll
2⤵
PID:3048

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...