Analysis

  • max time kernel
    121s
  • max time network
    128s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    21-03-2024 19:50

General

  • Target

    dc79a30412c7e6150bcfc38f367dc5f0.dll

  • Size

    99KB

  • MD5

    dc79a30412c7e6150bcfc38f367dc5f0

  • SHA1

    605e2822efa7eaadd98de7d962a2a42fa1a3b4d6

  • SHA256

    11fef5826e2a5b5f7506704bba525102c588f8e81f7fdc0f9acc803fd02c65b7

  • SHA512

    4c49d50af2e36d8d07bd6bf1cb998eb32aa66174d5165af5a58f20269aaa633f223f6e2f07127af02e3ee3d6e2ba2736e12b07fb431bd5f5c3d0bec2beac326a

  • SSDEEP

    3072:XkI0tvw3mVQRelb7bXxAU3PPKYjoDxKPm:XkhvVR7qU3nixIm

Score
6/10

Malware Config

Signatures

  • Installs/modifies Browser Helper Object (2 TTPs, 1 IoC)

    BHOs are DLL modules that Internet Explorer loads in-process as COM plugins each time the browser starts; they are registered by CLSID under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects (Wow6432Node for 32-bit BHOs on 64-bit Windows) and run with the browser's privileges.

  • Modifies registry class (6 IoCs)
  • Suspicious use of WriteProcessMemory (7 IoCs)

Processes

  • C:\Windows\system32\regsvr32.exe (PID 2144)
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\dc79a30412c7e6150bcfc38f367dc5f0.dll
    • Suspicious use of WriteProcessMemory
    • C:\Windows\SysWOW64\regsvr32.exe (PID 2076, child of 2144)
      /s C:\Users\Admin\AppData\Local\Temp\dc79a30412c7e6150bcfc38f367dc5f0.dll
      • Installs/modifies Browser Helper Object
      • Modifies registry class

    Note: the 64-bit regsvr32 hands a 32-bit DLL off to its SysWOW64 counterpart, so the sample is a 32-bit DLL and its COM/BHO registration lands under the Wow6432Node keys. The WriteProcessMemory hits on the parent are consistent with spawning that child; the report shows no writes into any other process.
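The two signatures above (the BHO registration and the regsvr32 chain that performs it from %TEMP%) suggest the obvious host check: list every BHO registered on the box, resolve each CLSID to the DLL that backs it, and flag any that loads from outside Program Files or the Windows directory. The following PowerShell is an added example, not part of the sandbox report or of any tool the report references; it assumes only the standard BHO and CLSID registry locations, and it does not hard-code the sample's CLSID or DLL name because the report does not list them.

```powershell
# Added example: audit registered Browser Helper Objects on 64-bit Windows.
# Both the native and the Wow6432Node BHO keys are checked, since a DLL registered
# through C:\Windows\SysWOW64\regsvr32.exe (as in the process tree above) lands
# under Wow6432Node. The "trusted" prefixes below are an assumption for triage:
# anything loading from elsewhere (e.g. AppData\Local\Temp) is worth a closer look.

$bhoRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
)

# Where a BHO's CLSID resolves to its in-process COM server (InprocServer32).
$clsidRoots = @(
    'HKLM:\SOFTWARE\Classes\CLSID',
    'HKLM:\SOFTWARE\Classes\Wow6432Node\CLSID',
    'HKCU:\SOFTWARE\Classes\CLSID'
)

# Directories from which a legitimately installed BHO is expected to load (assumption).
$trustedPrefixes = @("$env:ProgramFiles", "${env:ProgramFiles(x86)}", "$env:SystemRoot")

function Get-RegisteredBho {
    foreach ($root in $bhoRoots) {
        if (-not (Test-Path $root)) { continue }
        foreach ($key in Get-ChildItem $root) {
            $clsid = $key.PSChildName            # subkey name is the {CLSID}
            $dll   = $null
            foreach ($c in $clsidRoots) {
                $inproc = Join-Path $c "$clsid\InprocServer32"
                if (Test-Path $inproc) {
                    # The default value of InprocServer32 is the DLL path.
                    $dll = (Get-ItemProperty $inproc).'(default)'
                    break
                }
            }
            $expanded = if ($dll) {
                [Environment]::ExpandEnvironmentVariables($dll.Trim('"'))
            } else {
                '<no InprocServer32>'            # dangling BHO entry: still worth noting
            }
            $trusted = $false
            foreach ($p in $trustedPrefixes) {
                if ($p -and $expanded.StartsWith($p, [StringComparison]::OrdinalIgnoreCase)) {
                    $trusted = $true
                }
            }
            [pscustomobject]@{
                CLSID      = $clsid
                Wow64      = ($root -like '*Wow6432Node*')
                Dll        = $expanded
                Suspicious = -not $trusted
                # SHA256 of the backing DLL, for comparison against a report's hash list.
                Sha256     = if (Test-Path $expanded -PathType Leaf) {
                                 (Get-FileHash $expanded -Algorithm SHA256).Hash
                             } else { $null }
            }
        }
    }
}

Get-RegisteredBho | Sort-Object Suspicious -Descending | Format-Table -AutoSize
```

Run it elevated so both HKLM hives are readable; a row with Suspicious=True, Wow64=True and a Dll path under a user profile is the on-host footprint that the regsvr32 chain in this report would leave, and the Sha256 column can be compared directly against the hashes in the General section.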

Network

MITRE ATT&CK Enterprise v15

Downloads

  • memory/2076-0-0x0000000000260000-0x000000000029F000-memory.dmp (PID 2076, 252KB)