4b27de8a7f73d469420c292dc63c895c075dfb3d6d641781eadeac3646e5f704 | Triage

Analysis

max time kernel
120s
max time network
125s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
14-05-2024 18:15

Sharing

Report Analysis Logs

General

Target

NPSWF32.dll
Size

16.7MB
MD5

ec55112edb2ce5bc2bfcacdb9c2150f4
SHA1

a52ea3b221e7814c230d480d157db13596c8bf7c
SHA256

c989a6aa5c4a09cd097a45c2bafc7be2c0660d867e345b8ec0ade957bee2361f
SHA512

85198107be6ffada85b54dc686e2e84e1d459d1e88809f74db4ba1b1e1b28b069d9d449883fcb817d9b5b36cc19b4d3ba0ae327f205b4123466f5f783063d40f
SSDEEP

393216:hPm6P/fc8M8JtuEm1pDN2buG6vj+rIZHti1DxO6nEID2TuBa:hO6P/E8M8JtuE/IuO61SiE

Score

1^/10

Malware Config

Signatures

Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

regsvr32.exe

pid process

1612 regsvr32.exe

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

regsvr32.exe

description	pid	process	target process
PID 1676 wrote to memory of 1612	1676	regsvr32.exe	regsvr32.exe
PID 1676 wrote to memory of 1612	1676	regsvr32.exe	regsvr32.exe
PID 1676 wrote to memory of 1612	1676	regsvr32.exe	regsvr32.exe
PID 1676 wrote to memory of 1612	1676	regsvr32.exe	regsvr32.exe
PID 1676 wrote to memory of 1612	1676	regsvr32.exe	regsvr32.exe
PID 1676 wrote to memory of 1612	1676	regsvr32.exe	regsvr32.exe
PID 1676 wrote to memory of 1612	1676	regsvr32.exe	regsvr32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\NPSWF32.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:1676

C:\Windows\SysWOW64\regsvr32.exe
/s C:\Users\Admin\AppData\Local\Temp\NPSWF32.dll
2⤵
- Suspicious use of SetWindowsHookEx
PID:1612

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...