14a009ceb52b77ab8f3b6ed5b4965c13cf33346cc979cee92ac161d2531cb4bb | Triage

Analysis

max time kernel
139s
max time network
140s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
25/05/2024, 12:59

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

WsmAgent.dll
Size

25KB
MD5

3953dd2baadeeb308483377e604790e0
SHA1

89473a43eaf9c96265b1633898972831179bcab9
SHA256

14a009ceb52b77ab8f3b6ed5b4965c13cf33346cc979cee92ac161d2531cb4bb
SHA512

4255d46f8848f7cbf308465977bd710ea92c548ebc3e9a4f04aeb925ec250cb6e628282de15f40506de1a9fdc09df033949e906ef13ffdb1c2d6651e9d418ce9
SSDEEP

384:YMX/h7SrcIvtL4twZcYKMt4lg8gL86zFT7SB+L0IPNLWjhWwEgC9:YeMYwHjJ7zTPNUc9

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3220 wrote to memory of 3288	3220	regsvr32.exe	86
PID 3220 wrote to memory of 3288	3220	regsvr32.exe	86
PID 3220 wrote to memory of 3288	3220	regsvr32.exe	86

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\WsmAgent.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:3220
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\WsmAgent.dll
  2⤵
  PID:3288

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads