ab2e7bc5a2e120148e14fbd1625c15655f9e2489c911537edc96bdcf560dfdf8 | Triage

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
25/05/2024, 12:48

Sharing

Report Analysis Logs

General

Target

PhotoMetadataHandler.dll
Size

356KB
MD5

95ab9b30166221ed22e43290d47198cd
SHA1

b04497289e2a2d1e12efb8f5b618341d4fbd783d
SHA256

ab2e7bc5a2e120148e14fbd1625c15655f9e2489c911537edc96bdcf560dfdf8
SHA512

11c7045584981107e67926c1d519dbaf69bfa2c45c5a664407d7858c0a63d8fe2eb57417e3fb921fef382cdf945e5cce513c3974132789f95cb51f022cd30f87
SSDEEP

6144:4rDxJipNwennlUgVINRyHj6xfm+vy4vWG1zYR8N:7VINRyD6o+dvRS8

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2316 wrote to memory of 1884	2316	regsvr32.exe	28
PID 2316 wrote to memory of 1884	2316	regsvr32.exe	28
PID 2316 wrote to memory of 1884	2316	regsvr32.exe	28
PID 2316 wrote to memory of 1884	2316	regsvr32.exe	28
PID 2316 wrote to memory of 1884	2316	regsvr32.exe	28
PID 2316 wrote to memory of 1884	2316	regsvr32.exe	28
PID 2316 wrote to memory of 1884	2316	regsvr32.exe	28

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\PhotoMetadataHandler.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2316
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\PhotoMetadataHandler.dll
  2⤵
  PID:1884

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads