25e73a768d62634522dc4b04a223179705c38a9b79649441a0cbd0eab63eb314 | Triage

Analysis

max time kernel
117s
max time network
117s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
26/01/2024, 08:16

Sharing

Report Analysis Logs

General

Target

76d9d7c451da15b69ca4471c0178b333.dll
Size

128KB
MD5

76d9d7c451da15b69ca4471c0178b333
SHA1

aa249a6a82ee74fe66da1b8119195c231c94553b
SHA256

25e73a768d62634522dc4b04a223179705c38a9b79649441a0cbd0eab63eb314
SHA512

3d18b2de4de6b0b05c3379208097aeacfa990cc361b80ef7f7998dd780013a45a22061cefda345112d2400b814b9c49abb9f696776541dfc55bdbb7b2250b612
SSDEEP

1536:OUgJ+bng2rWyvmULwsQqdnITBNQIZnCLzs1A6:O2rWyv7wc8iItCLzs1H

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 880 wrote to memory of 3020	880	regsvr32.exe	17
PID 880 wrote to memory of 3020	880	regsvr32.exe	17
PID 880 wrote to memory of 3020	880	regsvr32.exe	17
PID 880 wrote to memory of 3020	880	regsvr32.exe	17
PID 880 wrote to memory of 3020	880	regsvr32.exe	17
PID 880 wrote to memory of 3020	880	regsvr32.exe	17
PID 880 wrote to memory of 3020	880	regsvr32.exe	17

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\76d9d7c451da15b69ca4471c0178b333.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:880
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\76d9d7c451da15b69ca4471c0178b333.dll
  2⤵
  PID:3020

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads