3f8ec3ac729285705bbeff69bad1edada368ef5241d91d3eee878e4b0856bf52 | Triage

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
27-06-2024 21:21

Sharing

Report Analysis Logs

General

Target

泽华音乐/XpMenu.dll
Size

232KB
MD5

4c70a59a1588e1394adb9e703bc9d291
SHA1

907034dc1dbdeaeac0153d3b28fbb1ef6c7371ab
SHA256

ed5f2358d2449bf1eabcc04a63d314d7496b2bc4f1e466974b87d8a0c2eff8db
SHA512

57d8d6f38013a622feb16692b1c3dc4fc5980ad9a18d22ac11e5d46324602937fc7a8abebad13f82cd42681a63de7a768a67f8badbd84e05e65e359367977e28
SSDEEP

3072:Cg/nYvS5OA/pEZ+l+Un6hAfg9QRbznhdO3hMXwHpxYIMM+IP:VnYvUSAlfLf0Q5zhdO3hVxYfM

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2928 wrote to memory of 2980	2928	regsvr32.exe	28
PID 2928 wrote to memory of 2980	2928	regsvr32.exe	28
PID 2928 wrote to memory of 2980	2928	regsvr32.exe	28
PID 2928 wrote to memory of 2980	2928	regsvr32.exe	28
PID 2928 wrote to memory of 2980	2928	regsvr32.exe	28
PID 2928 wrote to memory of 2980	2928	regsvr32.exe	28
PID 2928 wrote to memory of 2980	2928	regsvr32.exe	28

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\泽华音乐\XpMenu.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2928
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\泽华音乐\XpMenu.dll
  2⤵
  PID:2980

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads