7ca44cc3821b27376d9a179cad523d5dc4479acc9bc2f3c37f85b384acdde3b4 | Triage

Analysis

max time kernel
37s
max time network
113s
platform
windows10_x64
resource
win10v20201028
submitted
25-11-2020 21:55

Sharing

Report Analysis Logs

General

Target

fuxenm32.dll
Size

133KB
MD5

6b25c3e0f40da6109048c8ef76c3d88e
SHA1

ee17a65168ad4754253ad2c3a041662b452ef43d
SHA256

7ca44cc3821b27376d9a179cad523d5dc4479acc9bc2f3c37f85b384acdde3b4
SHA512

25743cc174490dc1d13547c3246baad2836bbe3acf54a13556cbe9fa6d233c2124c8a9f97fd712029aa4fef5e7cf25a5fe7584c5d155116609483c308002ef0b

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

regsvr32.exe

description	pid	process	target process
PID 3968 wrote to memory of 1008	3968	regsvr32.exe	regsvr32.exe
PID 3968 wrote to memory of 1008	3968	regsvr32.exe	regsvr32.exe
PID 3968 wrote to memory of 1008	3968	regsvr32.exe	regsvr32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\fuxenm32.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:3968

C:\Windows\SysWOW64\regsvr32.exe
/s C:\Users\Admin\AppData\Local\Temp\fuxenm32.dll
2⤵
PID:1008

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1008-0-0x0000000000000000-mapping.dmp

Download