25ccd2652083a91bc78006e0a1add971af55805c775de8b5d38c806f1e81f2a7 | Triage

Analysis

max time kernel
134s
max time network
105s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
21/05/2024, 06:08

Sharing

Report Analysis Logs

General

Target

DfsShlEx.dll
Size

60KB
MD5

3e4e6561859f1a5797a56c7618c0faca
SHA1

9d5ac8bfbd280d7be40067cb08ad0ce58af49d30
SHA256

25ccd2652083a91bc78006e0a1add971af55805c775de8b5d38c806f1e81f2a7
SHA512

e696b9795a21740c6585e3f6a0b4821a2ab0f86f8cb7fb4c2311b809168ee17f09a8cb9ac48fc0e089753afa8426caa786589adead7c3b442cf8d0f2d9563de0
SSDEEP

1536:M+9yvzr22pEbcxiDdFibf8xZWuufEtxYyk33NQyE0Y:M+kvzr22ubcVf8xZWJMtxYH33NVr

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3084 wrote to memory of 4364	3084	regsvr32.exe	83
PID 3084 wrote to memory of 4364	3084	regsvr32.exe	83
PID 3084 wrote to memory of 4364	3084	regsvr32.exe	83

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\DfsShlEx.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:3084
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\DfsShlEx.dll
  2⤵
  PID:4364

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads