966508a0d5ed75ed0c2666c94690fec72659b0cf3c25a3f9567edcafc7923018 | Triage

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
18-03-2024 17:20

Sharing

Report Analysis Logs

General

Target

d4141bb4a3a881181d41171bc6019a0a.dll
Size

38KB
MD5

d4141bb4a3a881181d41171bc6019a0a
SHA1

0bade71fcbed8272eb97e9299a8391d98e8d2111
SHA256

966508a0d5ed75ed0c2666c94690fec72659b0cf3c25a3f9567edcafc7923018
SHA512

f0cf0113758b0e6676033bbbdfe5c81db243b9daa8b5d1663fc5e2824fba8c7dd78f2c13801245aa848375f738d4a58396f62c28a9032f6edccaac601e587a79
SSDEEP

768:qnI/AHZ8GH2HvP6sfyuwDECDtKcEscIw/kN/fA:r459H2PJfNsECpTtfN/fA

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2232 wrote to memory of 2268	2232	regsvr32.exe	28
PID 2232 wrote to memory of 2268	2232	regsvr32.exe	28
PID 2232 wrote to memory of 2268	2232	regsvr32.exe	28
PID 2232 wrote to memory of 2268	2232	regsvr32.exe	28
PID 2232 wrote to memory of 2268	2232	regsvr32.exe	28
PID 2232 wrote to memory of 2268	2232	regsvr32.exe	28
PID 2232 wrote to memory of 2268	2232	regsvr32.exe	28

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\d4141bb4a3a881181d41171bc6019a0a.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2232
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\d4141bb4a3a881181d41171bc6019a0a.dll
  2⤵
  PID:2268

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2268-0-0x0000000000140000-0x000000000014F000-memory.dmp

Filesize
60KB

Download