8f502f428851f91c022d253831231d91f80d53637e50f4cd005ddba94038d97c | Triage

Analysis

max time kernel
119s
max time network
124s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
10/03/2024, 01:51

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

bd5ab31ffab3036f33a918731f1d85e0.dll
Size

16KB
MD5

bd5ab31ffab3036f33a918731f1d85e0
SHA1

9014578984c3e413492ac3290df304b2463272e1
SHA256

8f502f428851f91c022d253831231d91f80d53637e50f4cd005ddba94038d97c
SHA512

cec86121b02ef433b4375bb1dde0c0e09babc8437be9000f75e071b7b6730fe1aaeff3d3c684d017696c3c69a3b8bbd9005f1e14a6dcf5d7beb6a81023ef48d1
SSDEEP

384:vFlOpX8ia8mSVbQru/LbojnnqJnRpHzgsENW7P5S2AK:9lOpXUDg7TcR1W7Pb

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/2236-0-0x0000000010000000-0x0000000010017000-memory.dmp	upx

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2176 wrote to memory of 2236	2176	regsvr32.exe	28
PID 2176 wrote to memory of 2236	2176	regsvr32.exe	28
PID 2176 wrote to memory of 2236	2176	regsvr32.exe	28
PID 2176 wrote to memory of 2236	2176	regsvr32.exe	28
PID 2176 wrote to memory of 2236	2176	regsvr32.exe	28
PID 2176 wrote to memory of 2236	2176	regsvr32.exe	28
PID 2176 wrote to memory of 2236	2176	regsvr32.exe	28

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\bd5ab31ffab3036f33a918731f1d85e0.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2176
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\bd5ab31ffab3036f33a918731f1d85e0.dll
  2⤵
  PID:2236

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2236-0-0x0000000010000000-0x0000000010017000-memory.dmp

Filesize
92KB

Download