48c74711b47b2bda7caf0f65f45315a029eef61623a9b93502f0d0c9a2b9bd8a | Triage

Analysis

max time kernel
149s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
21/05/2024, 05:25

Sharing

Report Analysis Logs

General

Target

cfgbkend.dll
Size

62KB
MD5

6f9e15ffa57df9949ebf3e1f30ee1ec2
SHA1

f432aff1ca0e7fe9f5e5f01edc8ddfbbabc3bcad
SHA256

48c74711b47b2bda7caf0f65f45315a029eef61623a9b93502f0d0c9a2b9bd8a
SHA512

66e8013f4e88b633b3bb77cfdc14f2ba7fa9c74c0c77d5cdf9044b6e85a159fa47692157130a760115546ce291165ef93c79b92dfd1b5d4bfa8c2aaf75c48dd4
SSDEEP

1536:9rWWsZCuGqJkagMf+ZtdTHX0HRqJm8VW5zP4P3QRPw9s1L:wTuPZtdTHX0q3aY9sV

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2672 wrote to memory of 4508	2672	regsvr32.exe	81
PID 2672 wrote to memory of 4508	2672	regsvr32.exe	81
PID 2672 wrote to memory of 4508	2672	regsvr32.exe	81

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\cfgbkend.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2672
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\cfgbkend.dll
  2⤵
  PID:4508

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads