e58b9bbb7bcdf3e901453b7b9c9e514fed1e53565e3280353dccc77cde26a98e | Triage

Analysis

max time kernel
120s
max time network
124s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
15-05-2024 14:02

Sharing

Report Analysis Logs

General

Target

Matan.dll
Size

144KB
MD5

fc484855692f2a7d1eae090086a1eb72
SHA1

2e9103747750b40835f58d9e57c2ab75eeaf25f6
SHA256

e58b9bbb7bcdf3e901453b7b9c9e514fed1e53565e3280353dccc77cde26a98e
SHA512

2f6b6e8aa82dc4aa61a540bae1d98682ec79e73ccfeaf9c273b053c2162f35207842f7ab2f1bc06e927d706ec88ecf209d2c57e86323c38fb43e9d694e624311
SSDEEP

3072:biKjfYjd3b9fSCNq01bKrF5HiLCK08WA46tvTj:+QfYjBMCNcC+KlWuB3

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

regsvr32.exe

description	pid	process	target process
PID 1704 wrote to memory of 1432	1704	regsvr32.exe	regsvr32.exe
PID 1704 wrote to memory of 1432	1704	regsvr32.exe	regsvr32.exe
PID 1704 wrote to memory of 1432	1704	regsvr32.exe	regsvr32.exe
PID 1704 wrote to memory of 1432	1704	regsvr32.exe	regsvr32.exe
PID 1704 wrote to memory of 1432	1704	regsvr32.exe	regsvr32.exe
PID 1704 wrote to memory of 1432	1704	regsvr32.exe	regsvr32.exe
PID 1704 wrote to memory of 1432	1704	regsvr32.exe	regsvr32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\Matan.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:1704
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\Matan.dll
  2⤵
  PID:1432

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads