ca3fd839194932d99be5e1b5ce1cae29cf8d78c72c923a5a552661b75ce0eb99 | Triage

Analysis

max time kernel
90s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
26/01/2024, 04:17

Sharing

Report Analysis Logs

General

Target

765cd5757d2cb73c63f5a7d5d0a5b4e9.dll
Size

14KB
MD5

765cd5757d2cb73c63f5a7d5d0a5b4e9
SHA1

f06c85a6ce2960e55a7fe7ba11171064fc214f7d
SHA256

ca3fd839194932d99be5e1b5ce1cae29cf8d78c72c923a5a552661b75ce0eb99
SHA512

7bc5b5334c5d49a4297317bea977ba9d9721b48efe7c23bf72240f2766b02805cd76a34012939021a23e627a2cb8597ed061a32136c0f08e776aec29863833bb
SSDEEP

384:DPniIhUgvO965hW1pDieIxvYRafejdFaG9cj:Dnz5W9+s1YeIxQGM32

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3140 wrote to memory of 2924	3140	regsvr32.exe	86
PID 3140 wrote to memory of 2924	3140	regsvr32.exe	86
PID 3140 wrote to memory of 2924	3140	regsvr32.exe	86

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\765cd5757d2cb73c63f5a7d5d0a5b4e9.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:3140
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\765cd5757d2cb73c63f5a7d5d0a5b4e9.dll
  2⤵
  PID:2924

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2924-0-0x0000000000010000-0x0000000000029000-memory.dmp

Filesize
100KB

Download
memory/2924-1-0x0000000000010000-0x0000000000029000-memory.dmp

Filesize
100KB

Download