214cf216ddfe1db06e253e16a305cc5e234b398a1b286f3d74a9d5c4c4e88e6c | Triage

Analysis

max time kernel
117s
max time network
122s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
04-06-2024 21:18

Sharing

Report Analysis Logs

General

Target

Registry.dll
Size

29KB
MD5

c2d208f5a2b2d260430b569480601c19
SHA1

5bf7fee06e32798c7dad780f486382285504cf5a
SHA256

71f6c577028dbabed6b205057920330cc2e934298915bec21e1eb8ec344e859f
SHA512

9d08d6be58ec4dc2f91a471e95f500830dec110e290a1c842ee6ea7576f1fb492d77ac488d7476adf06e81539fdf230fb18fb231c0a3d0ec9bef556e9da41b43
SSDEEP

768:MRwWZlJ1MWoPyRuGjXxh0W38uHoY0DoKE0HG:wwWZlJeW+1GTxH3hqDo+H

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1760 wrote to memory of 2760	1760	rundll32.exe	28
PID 1760 wrote to memory of 2760	1760	rundll32.exe	28
PID 1760 wrote to memory of 2760	1760	rundll32.exe	28
PID 1760 wrote to memory of 2760	1760	rundll32.exe	28
PID 1760 wrote to memory of 2760	1760	rundll32.exe	28
PID 1760 wrote to memory of 2760	1760	rundll32.exe	28
PID 1760 wrote to memory of 2760	1760	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Registry.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1760
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\Registry.dll,#1
  2⤵
  PID:2760

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads