Analysis

  • max time kernel
    122s
  • max time network
    126s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    02/02/2024, 21:59

General

  • Target

    VirusShare-000605d7cbb3928b07f8e7473c820f4c.dll

  • Size

    610KB

  • MD5

    000605d7cbb3928b07f8e7473c820f4c

  • SHA1

    52ca1593477b8f8202433f5af7befda988742d0b

  • SHA256

    32769d406d519a002aa0e8c7a410cf029d6ff567a47f549e95d6011c22cc9dda

  • SHA512

    4c944a7d8043c347bc0260c799159471ec9f568273c44ec27c1e27516cfb45833ffa6392ad0bede2177491b1b6e239f1247927105f45c55fdf3d8e265dce5ad6

  • SSDEEP

    12288:JyA1ZdqVfv/6HftOIA3+00wstpSdCi3TLdLOGLFEI2r/VBwBxHeIBv7pj:Z1fqZCHwIr00taCiHp/+I0/UVeIBT

Score
6/10

Malware Config

Signatures

  • Installs/modifies Browser Helper Object 2 TTPs 1 IoCs

    BHOs are DLL modules which act as plugins for Internet Explorer.

  • Modifies registry class 11 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\SysWOW64\regsvr32.exe
    /s C:\Users\Admin\AppData\Local\Temp\VirusShare-000605d7cbb3928b07f8e7473c820f4c.dll
    1⤵
    • Installs/modifies Browser Helper Object
    • Modifies registry class
    PID:1920
  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\VirusShare-000605d7cbb3928b07f8e7473c820f4c.dll
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2268

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • memory/1920-0-0x00000000002F0000-0x000000000038E000-memory.dmp

          Filesize

          632KB