68685a19b0b6d4d16d27bebe0af81d7289535dab612f9cea8740f3dee9292b07 | Triage

Analysis

max time kernel
121s
max time network
126s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
14/03/2024, 05:00

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

c7c106aa36acc473fecbb224e3e32221.dll
Size

59KB
MD5

c7c106aa36acc473fecbb224e3e32221
SHA1

adbced64159f08b7cdf697a49b54b400fbd63fce
SHA256

68685a19b0b6d4d16d27bebe0af81d7289535dab612f9cea8740f3dee9292b07
SHA512

db39a0e74dcead0f1294ad1b845e98497c2738879a75487388a47b8ce5535554bb86b2668368d38917488b89714c5dc381f8bb80a2b54e190a9e7683933f9e5f
SSDEEP

1536:0IyZf6qo7B+uM0dYe/ShRHktXR8AjWkiRJDR8Ph+:0II6qo7ku9x4HkkV31uh

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2440 wrote to memory of 2772	2440	regsvr32.exe	28
PID 2440 wrote to memory of 2772	2440	regsvr32.exe	28
PID 2440 wrote to memory of 2772	2440	regsvr32.exe	28
PID 2440 wrote to memory of 2772	2440	regsvr32.exe	28
PID 2440 wrote to memory of 2772	2440	regsvr32.exe	28
PID 2440 wrote to memory of 2772	2440	regsvr32.exe	28
PID 2440 wrote to memory of 2772	2440	regsvr32.exe	28

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\c7c106aa36acc473fecbb224e3e32221.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2440
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\c7c106aa36acc473fecbb224e3e32221.dll
  2⤵
  PID:2772

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2772-0-0x0000000001D50000-0x0000000001D8A000-memory.dmp

Filesize
232KB

Download
memory/2772-1-0x0000000001D50000-0x0000000001D8A000-memory.dmp

Filesize
232KB

Download