cb4254da6bbf162af06baef0a61dcd795f1ec16f97563bf56c7ba28b374981d4 | Triage

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
25/05/2024, 12:32

Sharing

Report Analysis Logs

General

Target

SyncInfrastructure.dll
Size

346KB
MD5

5595e0442193754b37809346390fe9c8
SHA1

f655306afe98c26f23edcbf6a196fdffc93b0414
SHA256

cb4254da6bbf162af06baef0a61dcd795f1ec16f97563bf56c7ba28b374981d4
SHA512

334c879c631b2cbc2a8a7e5c6d3f8ca872418fe9fff592980d3d7dbc12dc5c2586738acb7205913b258227ea0aaa7d53521a44cb8b7448c3ecde168cb12b6484
SSDEEP

6144:j6F4dKKw3HJ0GDnhOZSVsvmPJw8K7xYR:eF4dK3+GDhOZFq

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2716 wrote to memory of 4284	2716	regsvr32.exe	84
PID 2716 wrote to memory of 4284	2716	regsvr32.exe	84
PID 2716 wrote to memory of 4284	2716	regsvr32.exe	84

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\SyncInfrastructure.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2716
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\SyncInfrastructure.dll
  2⤵
  PID:4284

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads