b485913971b314ee446473d7d4d63ca1d0d1a2d6aadcfeb8b592d678383b25f1 | Triage

Analysis

max time kernel
119s
max time network
119s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
21/05/2024, 06:03

Sharing

Report Analysis Logs

General

Target

apircl.dll
Size

216KB
MD5

d53467bc936a14bcac37607228e695e8
SHA1

2bf5a2a13d369234f0821a16b3a53edea196aa89
SHA256

b485913971b314ee446473d7d4d63ca1d0d1a2d6aadcfeb8b592d678383b25f1
SHA512

124779de792c7f6f591a551943a64e474841e5fbccabc3d5f683bbb6db0972503fa3d1e7d5a5208a0c3583405888a52c499eba10a12ae5b76e9f3e5a960863f0
SSDEEP

6144:gdWWw4epgGYzP6D1sq+vmaZ21rjTyVx4KrWQaJp:g9ydD1sqE8LQrWQC

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1808 wrote to memory of 2296	1808	regsvr32.exe	28
PID 1808 wrote to memory of 2296	1808	regsvr32.exe	28
PID 1808 wrote to memory of 2296	1808	regsvr32.exe	28
PID 1808 wrote to memory of 2296	1808	regsvr32.exe	28
PID 1808 wrote to memory of 2296	1808	regsvr32.exe	28
PID 1808 wrote to memory of 2296	1808	regsvr32.exe	28
PID 1808 wrote to memory of 2296	1808	regsvr32.exe	28

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\apircl.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:1808
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\apircl.dll
  2⤵
  PID:2296

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads