9db981d87d60a19e0c3242d35d6f275f4a1d0fbb80ef624bd715d86abc363cb5 | Triage

Analysis

max time kernel
202s
max time network
297s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
24-06-2024 01:34

Sharing

Report Analysis Logs

General

Target

Q/web.dll
Size

18.7MB
MD5

88fd7dbf04bcf75123d02009aea3f7f7
SHA1

cecf16bdad71e54afc941179ea2b7438a04efa1d
SHA256

01481b9a862936fbc090bda4033f22d7ffa5a7bfe5dc32f47c7794332b34eec4
SHA512

2c6298b5adf91b51f0042d48e0846f5b196d52a588fd4fc577bf19ec26ad8e547382279a15f8bf131b08b0d7c140534aff25f82d5e8998818b812e72c9493917
SSDEEP

393216:hqA/D2IIyzg8DolBo6i0KoI6Di42sC1/syU3DXNs6hq8:hqcaZyV0fC1JOpjhq8

Score

1^/10

Malware Config

Signatures

Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

regsvr32.exe

pid process

3688 regsvr32.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

regsvr32.exe

description	pid	process	target process
PID 612 wrote to memory of 3688	612	regsvr32.exe	regsvr32.exe
PID 612 wrote to memory of 3688	612	regsvr32.exe	regsvr32.exe
PID 612 wrote to memory of 3688	612	regsvr32.exe	regsvr32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\Q\web.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:612

C:\Windows\SysWOW64\regsvr32.exe
/s C:\Users\Admin\AppData\Local\Temp\Q\web.dll
2⤵
- Suspicious use of SetWindowsHookEx
PID:3688

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...