6a483a0b09b8c2059b0b6a504bf61866fd019c9b5cda7a90bb75f19ce5d4b896 | Triage

Analysis

max time kernel
134s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
23/05/2024, 12:38

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

MFPlay.dll
Size

365KB
MD5

0c3ef8910e8b9b0ce657075ecc88872b
SHA1

a0fafcc2357044cfba91595bf1a1d4abf3fa7513
SHA256

6a483a0b09b8c2059b0b6a504bf61866fd019c9b5cda7a90bb75f19ce5d4b896
SHA512

8cc780a2fb171accf6edae8a69aa8b4b37cc196612461e6e4e9a56001d65b17712b5e551037dc4ae9facbee6362aacd6e8e3a992b7dabc0878cdcdc021255824
SSDEEP

6144:t8RHGDaV7MtLC1bUyLAYsJ+9QIj+m3hFzdPCaM51I3xw95K97BMg999GfyuZg21o:tqV2Mb7lNtB3ZSFmpL

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 5044 wrote to memory of 3812	5044	regsvr32.exe	84
PID 5044 wrote to memory of 3812	5044	regsvr32.exe	84
PID 5044 wrote to memory of 3812	5044	regsvr32.exe	84

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\MFPlay.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:5044
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\MFPlay.dll
  2⤵
  PID:3812

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads