22c5858ff8c7815c34b4386c3b4c83f2b8bb23502d153f5d8fb9f55bd784e764 | Triage

Analysis

max time kernel
120s
max time network
120s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
17-12-2024 01:10

Sharing

Report Analysis Logs

General

Target

PixelSignal.dll
Size

512KB
MD5

a4e3345491eaca250f1cc139db05a015
SHA1

f09804b59a3aac7c1dd47c7e027182fb54f9a277
SHA256

22c5858ff8c7815c34b4386c3b4c83f2b8bb23502d153f5d8fb9f55bd784e764
SHA512

79ab4fb0e6f4823e3c4eac42748f0c31d5f0082fdfa9adb7f2b4924a6c165da9dc41b019657283daa63dfc18ad3c3d0ab182dc0ede21a9c1ce551e94a9f2e1f3
SSDEEP

12288:hGcV/BCTLVkg1LdACH7OE7gF+ojxpq/C5zfidd:hGcyT5F1dA6qE7gFnxk/o0

Score

5^/10

Malware Config

Signatures

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2272 set thread context of 2392	2272	regsvr32.exe	30

Suspicious use of WriteProcessMemory 1 IoCs

description	pid	Process	procid_target
PID 2272 wrote to memory of 2392	2272	regsvr32.exe	30

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\PixelSignal.dll
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:2272
- C:\Windows\System32\msiexec.exe
  \??\C:\Windows\System32\msiexec.exe
  2⤵
  PID:2392

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2272-0-0x00000000026A0000-0x0000000002849000-memory.dmp

Filesize
1.7MB

Download
memory/2392-7-0x0000000000030000-0x00000000000C0000-memory.dmp

Filesize
576KB

Download