63bede43089b86793e44ed5c924c6ce11fd57aca31bfa3060f14500ee760032a | Triage

Analysis

max time kernel
150s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
05/03/2024, 07:06

Sharing

Report Analysis Logs

General

Target

b418200205022ff299e757e6c51e3f58.dll
Size

117KB
MD5

b418200205022ff299e757e6c51e3f58
SHA1

6065314647039c169ff3ed993c6d8dc90ceffb1c
SHA256

63bede43089b86793e44ed5c924c6ce11fd57aca31bfa3060f14500ee760032a
SHA512

801c9935cd4fe7d144dc82c4613eec8e977a4b27b829fe90c19c7db093a9c759750115bd6cbc567984dbcffc31e334e2bcc4f00a103f187e86d04945d0ae0881
SSDEEP

3072:0pCMksnbvzvx8l8VutkQPFyQQzPAaPyImN:FATzvSleuyQPFQzPD8

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2512 wrote to memory of 3896	2512	regsvr32.exe	89
PID 2512 wrote to memory of 3896	2512	regsvr32.exe	89
PID 2512 wrote to memory of 3896	2512	regsvr32.exe	89

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\b418200205022ff299e757e6c51e3f58.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2512
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\b418200205022ff299e757e6c51e3f58.dll
  2⤵
  PID:3896

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3896-0-0x0000000000400000-0x0000000000450000-memory.dmp

Filesize
320KB

Download
memory/3896-1-0x0000000000400000-0x0000000000450000-memory.dmp

Filesize
320KB

Download