63bee368085136ef7eed0823b6d8fb25ffecfd6f6d9050ee26f782e2b35df9a4 | Triage

Analysis

max time kernel
77s
max time network
9s
platform
windows7_x64
resource
win7v20201028
submitted
22-01-2021 10:46

Sharing

Report Analysis Logs

General

Target

pan0ramic0.jpg.dll
Size

377KB
MD5

9fe062a79018b4df322391a8f055d6be
SHA1

dee5ab23ff6f339fabddbb5b2bedc9d13329682c
SHA256

63bee368085136ef7eed0823b6d8fb25ffecfd6f6d9050ee26f782e2b35df9a4
SHA512

1e9d23e8d901622cdda01dbc732636b64b0f8215a8b9b1a625cc4ab42feaf2c8564ef5083e8af8ee92d4b19435c1ca20e31a784cb76b872157914749b28d8aa6

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

regsvr32.exe

description	pid	process	target process
PID 2008 wrote to memory of 1368	2008	regsvr32.exe	regsvr32.exe
PID 2008 wrote to memory of 1368	2008	regsvr32.exe	regsvr32.exe
PID 2008 wrote to memory of 1368	2008	regsvr32.exe	regsvr32.exe
PID 2008 wrote to memory of 1368	2008	regsvr32.exe	regsvr32.exe
PID 2008 wrote to memory of 1368	2008	regsvr32.exe	regsvr32.exe
PID 2008 wrote to memory of 1368	2008	regsvr32.exe	regsvr32.exe
PID 2008 wrote to memory of 1368	2008	regsvr32.exe	regsvr32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\pan0ramic0.jpg.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2008

C:\Windows\SysWOW64\regsvr32.exe
/s C:\Users\Admin\AppData\Local\Temp\pan0ramic0.jpg.dll
2⤵
PID:1368

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1368-3-0x0000000000000000-mapping.dmp

Download
memory/1368-4-0x0000000076641000-0x0000000076643000-memory.dmp

Filesize
8KB

Download
memory/1368-5-0x0000000074D70000-0x0000000074D7F000-memory.dmp

Filesize
60KB

Download
memory/1368-6-0x0000000000190000-0x0000000000191000-memory.dmp

Filesize
4KB

Download
memory/2008-2-0x000007FEFC371000-0x000007FEFC373000-memory.dmp

Filesize
8KB

Download