c0cbd2c269e84756d46cdc0ddbc0e7cd767b60463ab23ec7676a5a33895a3a4a | Triage

Analysis

max time kernel
120s
max time network
120s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
26/03/2024, 10:18

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

deec56b47e89b32f4b1cab0558d81fab.dll
Size

33KB
MD5

deec56b47e89b32f4b1cab0558d81fab
SHA1

e400772c291b0fb587602f0b00717b3ea38f1e2f
SHA256

c0cbd2c269e84756d46cdc0ddbc0e7cd767b60463ab23ec7676a5a33895a3a4a
SHA512

ab0f87c19770dd85ea5ee8d3d84d753cf43f84328a945fcfaafec1d0a4700bb6925841afe7f061645beb1d8ac25ffa6b9c9f6299913aee72ede2ebb17e044318
SSDEEP

768:o+v9hLTc8A5oYETNfvqRiaeZC+r4jfw7S:oE/LTc8AsOe3s

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2212 wrote to memory of 2804	2212	regsvr32.exe	28
PID 2212 wrote to memory of 2804	2212	regsvr32.exe	28
PID 2212 wrote to memory of 2804	2212	regsvr32.exe	28
PID 2212 wrote to memory of 2804	2212	regsvr32.exe	28
PID 2212 wrote to memory of 2804	2212	regsvr32.exe	28
PID 2212 wrote to memory of 2804	2212	regsvr32.exe	28
PID 2212 wrote to memory of 2804	2212	regsvr32.exe	28

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\deec56b47e89b32f4b1cab0558d81fab.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2212
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\deec56b47e89b32f4b1cab0558d81fab.dll
  2⤵
  PID:2804

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2804-0-0x00000000001F0000-0x00000000001FE000-memory.dmp

Filesize
56KB

Download