cd773a8e18731c4d551faf1dcc8eb050c7eac19c9758a145f91c1dfa79361db8 | Triage

Analysis

max time kernel
2s
max time network
8s
platform
windows7_x64
resource
win7v20201028
submitted
21-01-2021 07:13

Sharing

Report Analysis Logs

General

Target

f0t0s.dll
Size

141KB
MD5

eecfc005c040236b5818d7e8f775ffed
SHA1

42bb1cfe2532023f6a099328e7a8f08dcd145231
SHA256

cd773a8e18731c4d551faf1dcc8eb050c7eac19c9758a145f91c1dfa79361db8
SHA512

ad9e6f52e5e2920369a003c98539c212e9ce839ff211cf3059468ba565fce345277611b893e8c2f546108cb9cd921c20c32ec8da5ce78de298b738f7b2221cf1

Score

4^/10

Malware Config

Signatures

Drops file in Windows directory 1 IoCs

Processes:

regsvr32.exe

description ioc process

File opened for modification C:\Windows\ regsvr32.exe

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

regsvr32.exe

description	pid	process	target process
PID 1908 wrote to memory of 1984	1908	regsvr32.exe	regsvr32.exe
PID 1908 wrote to memory of 1984	1908	regsvr32.exe	regsvr32.exe
PID 1908 wrote to memory of 1984	1908	regsvr32.exe	regsvr32.exe
PID 1908 wrote to memory of 1984	1908	regsvr32.exe	regsvr32.exe
PID 1908 wrote to memory of 1984	1908	regsvr32.exe	regsvr32.exe
PID 1908 wrote to memory of 1984	1908	regsvr32.exe	regsvr32.exe
PID 1908 wrote to memory of 1984	1908	regsvr32.exe	regsvr32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\f0t0s.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:1908

C:\Windows\SysWOW64\regsvr32.exe
/s C:\Users\Admin\AppData\Local\Temp\f0t0s.dll
2⤵
- Drops file in Windows directory
PID:1984

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1908-2-0x000007FEFBBF1000-0x000007FEFBBF3000-memory.dmp

Filesize
8KB

Download
memory/1984-3-0x0000000000000000-mapping.dmp

Download
memory/1984-4-0x0000000076271000-0x0000000076273000-memory.dmp

Filesize
8KB

Download
memory/1984-5-0x0000000000210000-0x0000000000211000-memory.dmp

Filesize
4KB

Download
memory/1984-6-0x00000000001B0000-0x00000000001D9000-memory.dmp

Filesize
164KB

Download