dd8bf72af7cc068d7d05eccb747e0d22ada59e4d272197d0240f4df131afb15e | Triage

Analysis

max time kernel
95s
max time network
123s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
14/07/2024, 08:59

Sharing

Report Analysis Logs

General

Target

QQ多号登录管理器V1.0/MSCOMCTL.dll
Size

1.0MB
MD5

f7bbb7d79adb9e3adc13f3b3c33d3d4d
SHA1

cacb4b31d22419e6a9ddbffcf61ae42da0d5fb8a
SHA256

18a83d7a420a17fcb6f56eb3ba5362c975d32e5ded7553c6fd407f07bdb7b006
SHA512

4870ddbdf283d7f7f64d3f4bf556600a78804f6a94fc2ca7eb778e85d70b6d2d017aa35cbddf773b6a1b6d9a2813cd67fe54ede7859050a254a3e3c05616ae0e
SSDEEP

24576:mnt4M/pL1wAEIqSBanK6CC33VTj+1R8xRFLqqmbD1kWIAqPA:mPL15EIqS1e6q3FmKbt4

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3192 wrote to memory of 3084	3192	regsvr32.exe	85
PID 3192 wrote to memory of 3084	3192	regsvr32.exe	85
PID 3192 wrote to memory of 3084	3192	regsvr32.exe	85

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\QQ多号登录管理器V1.0\MSCOMCTL.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:3192
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\QQ多号登录管理器V1.0\MSCOMCTL.dll
  2⤵
  PID:3084

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads