Analysis

  • max time kernel
    121s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    25-05-2024 00:01

General

  • Target

    msimg32.dll

  • Size

    44.9MB

  • MD5

    b5f59b6995aebcc5d59d7f1b87333feb

  • SHA1

    3e6e1b41e93059517fd6675cbb3919d4de6d4c91

  • SHA256

    3ba98e952dac1f26679caf47bdd8662f78d8826ae030919b6b0ade9352f33b17

  • SHA512

    5df700664897d1fac422ff887238c641a2797901c9f664802da234ca999e32e08da55a4e237f7f785fab8ec34c5a1057aa2554ff0c49b6301cb31066173f96d8

  • SSDEEP

    786432:/UP7GCGO7t0Srkx/tC0SzIdSwh/WxbpNHQD3trzRp23:/UP7GCG6iSrkx1hSzYsHQD3t/RE3

Score
5/10

Malware Config

Signatures

  • Suspicious use of NtCreateThreadExHideFromDebugger 1 IoCs
  • Suspicious use of WriteProcessMemory 17 IoCs

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\msimg32.dll
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2104
    • C:\Windows\SysWOW64\regsvr32.exe
      /s C:\Users\Admin\AppData\Local\Temp\msimg32.dll
      2⤵
      • Suspicious use of NtCreateThreadExHideFromDebugger
      • Suspicious use of WriteProcessMemory
      PID:2160
      • C:\Windows\SysWOW64\regsvr32.exe
        "C:\Windows\SysWOW64\regsvr32.exe"
        3⤵
        PID:1188

Network

MITRE ATT&CK Matrix

Downloads

  • memory/1188-9-0x0000000000130000-0x0000000000131000-memory.dmp (Filesize: 4KB)
  • memory/1188-7-0x0000000000130000-0x0000000000131000-memory.dmp (Filesize: 4KB)
  • memory/1188-5-0x000000007EFDE000-0x000000007EFDF000-memory.dmp (Filesize: 4KB)
  • memory/1188-3-0x00000000000D0000-0x0000000000124000-memory.dmp (Filesize: 336KB)
  • memory/1188-15-0x00000000000D0000-0x0000000000124000-memory.dmp (Filesize: 336KB)
  • memory/1188-12-0x00000000000D0000-0x0000000000124000-memory.dmp (Filesize: 336KB)
  • memory/1188-11-0x00000000000D0000-0x0000000000124000-memory.dmp (Filesize: 336KB)
  • memory/2160-1-0x00000000102E6000-0x0000000010300000-memory.dmp (Filesize: 104KB)
  • memory/2160-0-0x0000000010000000-0x0000000012DA5000-memory.dmp (Filesize: 45.6MB)
  • memory/2160-2-0x0000000010000000-0x0000000012DA5000-memory.dmp (Filesize: 45.6MB)
  • memory/2160-14-0x0000000010000000-0x0000000012DA5000-memory.dmp (Filesize: 45.6MB)