774fce400b9e39e35fdf9d28b431cccd013ca5b7b559d2c803fca9c642618efb | Triage

Analysis

max time kernel
121s
max time network
121s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
19/03/2024, 17:21

Sharing

Report Analysis Logs

General

Target

d6b0610dddd10b6218843395b41ecb7d.dll
Size

30KB
MD5

d6b0610dddd10b6218843395b41ecb7d
SHA1

c0bc5d97dc84eeaea90797f84c45a8408297b656
SHA256

774fce400b9e39e35fdf9d28b431cccd013ca5b7b559d2c803fca9c642618efb
SHA512

cc4aa5eb41d25909a94f239761932d6e8887b7fbb1fa7cb38fd07fbb08c365883b4f2ce74adc68ddfd6f4617f4feb70d8c6504b97f3980547b53a7a3fe176443
SSDEEP

768:dLM8JjlVmnpNqRW+UWs3AjuKm+pIGjKdhPWXa:dLnjlVmHDWswjG62AXa

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1716 wrote to memory of 2964	1716	regsvr32.exe	28
PID 1716 wrote to memory of 2964	1716	regsvr32.exe	28
PID 1716 wrote to memory of 2964	1716	regsvr32.exe	28
PID 1716 wrote to memory of 2964	1716	regsvr32.exe	28
PID 1716 wrote to memory of 2964	1716	regsvr32.exe	28
PID 1716 wrote to memory of 2964	1716	regsvr32.exe	28
PID 1716 wrote to memory of 2964	1716	regsvr32.exe	28

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\d6b0610dddd10b6218843395b41ecb7d.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:1716
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\d6b0610dddd10b6218843395b41ecb7d.dll
  2⤵
  PID:2964

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2964-0-0x0000000000170000-0x000000000017D000-memory.dmp

Filesize
52KB

Download