bb6a9a2835d0a0538991d5e6a0cbe732e0b92412231f77e0022eebecc0d925a7 | Triage

Analysis

max time kernel
122s
max time network
123s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
27/05/2024, 00:21

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

regOCX/runOcx.bat
Size

47B
MD5

1ec62ef88a54ddcd68bc8e35c13ba444
SHA1

81eacb445aa45ff470483f559827b0ee5dd8fab7
SHA256

64a2170bcfd1443448cf102bcec54c60e93bf49249011dae071abb804b98bc83
SHA512

6a3acc84751512fb078a81ce96cdea2733ddc81eab32688ca056b4f2acba69623979a79fe396dc8e004c7a8a5e297c5dc4449a18da6ff65e44e33eef4349b1ca

Score

1^/10

Malware Config

Signatures

Suspicious behavior: CmdExeWriteProcessMemorySpam 1 IoCs

pid	Process
1212	regsvr32.exe

Suspicious use of WriteProcessMemory 5 IoCs

description	pid	Process	procid_target
PID 2184 wrote to memory of 1212	2184	cmd.exe	29
PID 2184 wrote to memory of 1212	2184	cmd.exe	29
PID 2184 wrote to memory of 1212	2184	cmd.exe	29
PID 2184 wrote to memory of 1212	2184	cmd.exe	29
PID 2184 wrote to memory of 1212	2184	cmd.exe	29

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\regOCX\runOcx.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:2184
- C:\Windows\system32\regsvr32.exe
  regsvr32 d:\regOCX\WowShell.ocx
  2⤵
  - Suspicious behavior: CmdExeWriteProcessMemorySpam
  PID:1212

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1212-0-0x00000000002A0000-0x00000000002A1000-memory.dmp

Filesize
4KB

Download