ca3408df31dc066d6ec4feea0388ca8d0cf5d35393bd5a6f1979b9af590f7615 | Triage

Analysis

max time kernel
5s
max time network
10s
platform
windows7_x64
resource
win7v20201028
submitted
22-01-2021 06:47

Sharing

Report Analysis Logs

General

Target

pan0ramic0.jpg.dll
Size

239KB
MD5

25507f89abd96f37d80e0596cd834e26
SHA1

101b89112be002d90e39b62496e79146ab8fc87a
SHA256

ca3408df31dc066d6ec4feea0388ca8d0cf5d35393bd5a6f1979b9af590f7615
SHA512

7daada31a57687749a004d4de9794299d05b4c7ca6ce2d7647cf598638281f72b45eea1e95b1c4f32ca52f3404559a53fc2e92b37c1165dc9a725f869004c5fd

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

regsvr32.exe

description	pid	process	target process
PID 1096 wrote to memory of 1904	1096	regsvr32.exe	regsvr32.exe
PID 1096 wrote to memory of 1904	1096	regsvr32.exe	regsvr32.exe
PID 1096 wrote to memory of 1904	1096	regsvr32.exe	regsvr32.exe
PID 1096 wrote to memory of 1904	1096	regsvr32.exe	regsvr32.exe
PID 1096 wrote to memory of 1904	1096	regsvr32.exe	regsvr32.exe
PID 1096 wrote to memory of 1904	1096	regsvr32.exe	regsvr32.exe
PID 1096 wrote to memory of 1904	1096	regsvr32.exe	regsvr32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\pan0ramic0.jpg.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:1096

C:\Windows\SysWOW64\regsvr32.exe
/s C:\Users\Admin\AppData\Local\Temp\pan0ramic0.jpg.dll
2⤵
PID:1904

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1096-2-0x000007FEFBBB1000-0x000007FEFBBB3000-memory.dmp

Filesize
8KB

Download
memory/1904-3-0x0000000000000000-mapping.dmp

Download
memory/1904-4-0x0000000075301000-0x0000000075303000-memory.dmp

Filesize
8KB

Download
memory/1904-5-0x0000000000250000-0x0000000000251000-memory.dmp

Filesize
4KB

Download
memory/1904-6-0x00000000001A0000-0x00000000001F5000-memory.dmp

Filesize
340KB

Download