3c0e73cfa3348b78f128bb48ef31090c9b7544b70f65141a58c035416bf019b0 | Triage

Analysis

max time kernel
149s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
27/01/2024, 08:10

Sharing

Report Analysis Logs

General

Target

79b85bad412e057cae57baebcc57aac7.dll
Size

59KB
MD5

79b85bad412e057cae57baebcc57aac7
SHA1

66a8ba69660ac7f7a5da208b17611a8fada30371
SHA256

3c0e73cfa3348b78f128bb48ef31090c9b7544b70f65141a58c035416bf019b0
SHA512

29ec53e7ac7b87122b71079c2eb6f88570b3a9ca4c2c1b4f07698623d62b0a4b64f088210545dc004a6e5b5aa8f39f1f9a0381a6efe79aac71e99d8ab2930174
SSDEEP

1536:GIyposNpbCDuouwtK2Z8IG7CbLu0hsrrOa/:GIaosNstKvIOqa0h6r

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2792 wrote to memory of 3376	2792	regsvr32.exe	85
PID 2792 wrote to memory of 3376	2792	regsvr32.exe	85
PID 2792 wrote to memory of 3376	2792	regsvr32.exe	85

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\79b85bad412e057cae57baebcc57aac7.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2792
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\79b85bad412e057cae57baebcc57aac7.dll
  2⤵
  PID:3376

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3376-0-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/3376-2-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/3376-1-0x0000000000FE0000-0x0000000000FE1000-memory.dmp

Filesize
4KB

Download