6e53ece82454c9449fd909ac0d5dbfa9e1bfcded07434de5cc31c347bbcd4ccb | Triage

Analysis

max time kernel
122s
max time network
127s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
28/02/2024, 15:02

Sharing

Report Analysis Logs

General

Target

WMVCORE.dll
Size

291KB
MD5

7b3f1bc90c7448b04d0c1aa85e8dce1b
SHA1

1ecf36a74f23019dc3df1297984ed968406e6ec3
SHA256

603a249b9f0c3e29ae0daa737741f6e824c5bdd507fe7817e9a26a6d650fa49e
SHA512

5cb9953fcd7847e0355e853da104f63e3aeaab506955653302a1a4a0b986dea872364c78a967b9f11c955750b9e95a33b03b60a32ba5ba63aa2ac942ed192121
SSDEEP

6144:fZlnvu5KAROoCidtxX4mZhEm6pif4EhvzJBf7zUF4ovHmKn:3vuBTntt4mZhEmgiQEhv/XUF7Pm6

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2860 wrote to memory of 2972	2860	regsvr32.exe	28
PID 2860 wrote to memory of 2972	2860	regsvr32.exe	28
PID 2860 wrote to memory of 2972	2860	regsvr32.exe	28
PID 2860 wrote to memory of 2972	2860	regsvr32.exe	28
PID 2860 wrote to memory of 2972	2860	regsvr32.exe	28
PID 2860 wrote to memory of 2972	2860	regsvr32.exe	28
PID 2860 wrote to memory of 2972	2860	regsvr32.exe	28

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\WMVCORE.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2860
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\WMVCORE.dll
  2⤵
  PID:2972

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads