Analysis

  • max time kernel
    141s
  • max time network
    157s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    21-03-2024 15:23

General

  • Target

    dbf5ff8f0825d42b6e49f9499d17e320.dll

  • Size

    522KB

  • MD5

    dbf5ff8f0825d42b6e49f9499d17e320

  • SHA1

    7226c383cd9126f2e491004d49b544c53b2cd95e

  • SHA256

    7c8a2a6e3b4db09e1cbe5e686175eb15c8f17fdbea0f9c04a4b59156ff7132e8

  • SHA512

    8aa26f631cddafd6aa0282b688fb633b1d9aa69e394d9f3604c89781083d78de3d2dd39690f5bbc316c11db11c6790b459f4e0ef0270edec945c6a87dfea677a

  • SSDEEP

    6144:pW7T4W2Jf+FXgMOC9h/Yl+BFOou/BjWYvm/nSjQuuqz1zUuWO72p7Dl8Fih/060s:6cW2JiXgzC9hgl+Sqn7uuAwL9kih0ns

Score
6/10

Malware Config

Signatures

  • Installs/modifies Browser Helper Object 2 TTPs 1 IoCs

    BHOs are DLL modules which act as plugins for Internet Explorer.

  • Modifies registry class 11 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\dbf5ff8f0825d42b6e49f9499d17e320.dll
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1084
    • C:\Windows\SysWOW64\regsvr32.exe
      /s C:\Users\Admin\AppData\Local\Temp\dbf5ff8f0825d42b6e49f9499d17e320.dll
      2⤵
      • Installs/modifies Browser Helper Object
      • Modifies registry class
      PID:4760

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads