a43e9d152796855e2d736ddfa8f65332ae1b4b8be8cd6592ecef9c9ab9ca2394 | Triage

Analysis

max time kernel
63s
max time network
17s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
22/12/2024, 01:38 UTC

Sharing

Report Analysis Logs

General

Target

vessel-64.dll
Size

4.5MB
MD5

6d912f3cb045cfce88c96f0da2addf3b
SHA1

52286ca71ac4239c5e2faad25e569f83ca4b35ee
SHA256

7051f30a6b9c7826f017faf69fe52c6e28c71af1ef5e1dbaae9c6f8a885019a7
SHA512

e22e4b89a9f7f659d89949b18df93c24087eaffe7e1399d8ca9eaff3a941fa3e2c4945dea03ffa3fb087ffcaa30c9d16bd29ecc7e158b9e5e4c5eccd530312cd
SSDEEP

98304:/vmHkq1lvap8NePY/WHFUKKBKjIYm3kjQDmwljY6uL4p:WH51lvNePoWuKKMkYxWmwljluUp

Score

5^/10

Malware Config

Signatures

Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs

pid	Process
528	regsvr32.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
528	regsvr32.exe
528	regsvr32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\vessel-64.dll
1⤵
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
PID:528

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/528-0-0x000007FEF5D25000-0x000007FEF5FA8000-memory.dmp

Filesize
2.5MB

Download
memory/528-5-0x0000000077080000-0x0000000077082000-memory.dmp

Filesize
8KB

Download
memory/528-3-0x0000000077080000-0x0000000077082000-memory.dmp

Filesize
8KB

Download
memory/528-1-0x0000000077080000-0x0000000077082000-memory.dmp

Filesize
8KB

Download
memory/528-6-0x000007FEF5D25000-0x000007FEF5FA8000-memory.dmp

Filesize
2.5MB

Download