aab9e3d3f923f7c17694df3bd395aea1112f87e63580c1762579c43056d3b2da | Triage

Analysis

max time kernel
122s
max time network
130s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
14/02/2024, 14:10

Sharing

Report Analysis Logs

General

Target

317631.dll
Size

476KB
MD5

f32839de7b3209090778a9a4c5e14cce
SHA1

ca33599617a5de46cb3e726d66eee9d48e5a78af
SHA256

aab9e3d3f923f7c17694df3bd395aea1112f87e63580c1762579c43056d3b2da
SHA512

0aff888a6433bbae83bf2f7694158d25ceb6e3c7083b447cfb9241e529df0971d70598eb5005e048f605237def92f1a89c6172095272fd13b5add85cdab20015
SSDEEP

12288:v+P9B4JFF6iIJoLjIE0LO5Q23eankS0HsQBw:vHJaKE5L4US0HJw

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2420 wrote to memory of 2336	2420	regsvr32.exe	28
PID 2420 wrote to memory of 2336	2420	regsvr32.exe	28
PID 2420 wrote to memory of 2336	2420	regsvr32.exe	28
PID 2420 wrote to memory of 2336	2420	regsvr32.exe	28
PID 2420 wrote to memory of 2336	2420	regsvr32.exe	28
PID 2420 wrote to memory of 2336	2420	regsvr32.exe	28
PID 2420 wrote to memory of 2336	2420	regsvr32.exe	28

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\317631.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2420
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\317631.dll
  2⤵
  PID:2336

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2336-0-0x00000000002F0000-0x0000000000324000-memory.dmp

Filesize
208KB

Download
memory/2336-1-0x00000000002F0000-0x0000000000324000-memory.dmp

Filesize
208KB

Download