79bc66abc8760be1941e753480ba53a8e14dcaef8342fc78178eab6c777e1df3 | Triage

Analysis

max time kernel
148s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
27/05/2024, 12:47

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

MFPlay.dll
Size

462KB
MD5

6a2012c326b7b08ad70fa33cd9b04962
SHA1

98f7bd8522693e5909f0dbc5d2c46c4718524b8f
SHA256

79bc66abc8760be1941e753480ba53a8e14dcaef8342fc78178eab6c777e1df3
SHA512

1e943e4a93122ccbe09f93d0ebd63466350d90601c0fadd2dc0240f2cb6bd1b321eb217496ae5ec38fefa02b3e02e35a48d22e904a89d4696d7bb5971434a6b0
SSDEEP

6144:K0eqO2eCjFyGqMmSDqz8YNELolDCyxYdtEFjHQf+IL:K/qO2nmSDqAY6eCyxPFjHQf+IL

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4924 wrote to memory of 228	4924	regsvr32.exe	82
PID 4924 wrote to memory of 228	4924	regsvr32.exe	82
PID 4924 wrote to memory of 228	4924	regsvr32.exe	82

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\MFPlay.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:4924
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\MFPlay.dll
  2⤵
  PID:228

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads