4af93652c3e699a98bac5d7212023b87e9d1a53b5519b19eab53d29e0b102e6d | Triage

Analysis

max time kernel
143s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
08/03/2024, 05:39

Sharing

Report Analysis Logs

General

Target

IUser.dll
Size

176KB
MD5

c51a98efcb21d017d0366f5eb6092fb5
SHA1

b57ba80d3ef24cf9bd80441145f3c3793e2428c8
SHA256

aba4ed0f26f8e8a0b31ef01bebe35748ed9427092f5cf88cdc866930324030fd
SHA512

d284ef02bdf197f78a719be97b4ff686222baeae87577d078918aba0567d67a5c2e66d555cd0d0e1eb51e66a3f571957704735602eae5a1eae21c959fe23288e
SSDEEP

3072:dNzt20uHs4Lhun3AZi3SnTyS72V7jzzCqHwJHoc8WqR0:/zFn4ut3Oy+2xjXfI8w

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1516 wrote to memory of 4460	1516	regsvr32.exe	95
PID 1516 wrote to memory of 4460	1516	regsvr32.exe	95
PID 1516 wrote to memory of 4460	1516	regsvr32.exe	95

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\IUser.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:1516
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\IUser.dll
  2⤵
  PID:4460

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1400 --field-trial-handle=2432,i,12161922670941700748,3348345705955601576,262144 --variations-seed-version /prefetch:8
1⤵
PID:3844

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads