9807d3db3169d24e181e058e5b99899d215e4b5b2c5539fefbb08d38c0199e34 | Triage

Analysis

max time kernel
140s
max time network
104s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
21/05/2024, 06:10

Sharing

Report Analysis Logs

General

Target

MFPlay.dll
Size

365KB
MD5

a939f1bbc6a2c052b95b15fd58666498
SHA1

2d1d3d61b8a533ba5ad7980a9f5694d2ab1d5088
SHA256

9807d3db3169d24e181e058e5b99899d215e4b5b2c5539fefbb08d38c0199e34
SHA512

ce6828422fd9da3678869b48c3c2eaccb08b492de359a1298a93713faa8291e30742dcf75a6cec85ff4000b527142daae91fe081bd1f392939841b4bf1905324
SSDEEP

6144:GjRHGDaV7MtLC1bUyLAYsJ+9Q2D+m3hFzdPCaM51I3xw95697BMg999GfyuZg21o:GJVcs7flNtr3qSlClO

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4792 wrote to memory of 4684	4792	regsvr32.exe	83
PID 4792 wrote to memory of 4684	4792	regsvr32.exe	83
PID 4792 wrote to memory of 4684	4792	regsvr32.exe	83

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\MFPlay.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:4792
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\MFPlay.dll
  2⤵
  PID:4684

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads