8af1ae8a6d1965b0e4c83ba47f044c2f81c711e33c6c7372b6e815657334726a | Triage

Analysis

max time kernel
516s
max time network
520s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
13-07-2024 21:12

Sharing

Report Analysis Logs

General

Target

PhysxExt.dll
Size

2.9MB
MD5

6ff985653d41e8d60bb1293f01729adf
SHA1

1ae3086a16a91ea45c06d34071d8b3b87e058804
SHA256

224ba9fe747ed7266a392961586db8a716553b85760fe3083e6d345034868d8f
SHA512

fd47a81000dcd98adc03d1f45a172c19b2e8aa3c8f13338bda0b00407f7b81b52e0fa9be3f9ef87fb1303231225e83b9dd8c39a0777ee56ccd54abc52d095b87
SSDEEP

24576:fZJJSVBjkvvhwVxKKpQgRQ8sUOwDUsHeHfcKtaPRO/o5o4Z/5rLyv+Fe:xJegvvhTKTRcPDqho4F5rLyW4

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2304 wrote to memory of 4984	2304	regsvr32.exe	74
PID 2304 wrote to memory of 4984	2304	regsvr32.exe	74
PID 2304 wrote to memory of 4984	2304	regsvr32.exe	74

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\PhysxExt.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2304
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\PhysxExt.dll
  2⤵
  PID:4984

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads