f89e2b73e809914bf7c7cac972cd543f956f55c3f43b9e41ad59589e67ee029d | Triage

Analysis

max time kernel
134s
max time network
104s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
21/05/2024, 05:32

Sharing

Report Analysis Logs

General

Target

atl.dll
Size

79KB
MD5

b7d8e2e4a229e6cd5b90cfbc1ad85b8e
SHA1

f5c310d8128dbb4c4da9598d0d474620e0b206a5
SHA256

f89e2b73e809914bf7c7cac972cd543f956f55c3f43b9e41ad59589e67ee029d
SHA512

573094b6e82c6c6f0313c2d5d4e9cebdac01a8d1ca24521ac7db097d8d0b758ef778adc39acf189997bd37f05d5336525d3ca64e741776280cc75c1b37a58435
SSDEEP

1536:hrToxMcfySmRocrpftzxn17bC9T3YtlHGQuBLwnmsyT8TxyzXfQZBtLcboAcXwiC:hkuZY34RHmsyT8TIzXfQZBc16Hk

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2836 wrote to memory of 3704	2836	regsvr32.exe	83
PID 2836 wrote to memory of 3704	2836	regsvr32.exe	83
PID 2836 wrote to memory of 3704	2836	regsvr32.exe	83

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\atl.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2836
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\atl.dll
  2⤵
  PID:3704

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads