e275c0b13ef51066e1a5a8d9a3e9f2859d091560dd3c5eac8cd7920bdf3dcbd6 | Triage

Resubmissions

12-04-2021 15:31

210412-mjs3k29b1a 10

22-02-2021 08:21

210222-k1twhj5v3a 10

Analysis

max time kernel
2s
max time network
11s
platform
windows7_x64
resource
win7v20201028
submitted
22-02-2021 08:21

Sharing

Report Analysis Logs

General

Target

test.bin.dll
Size

218KB
MD5

12998ead3767b8e2a7d3172432c2347a
SHA1

21c8fb727afbb4d7078a2ce25eaf569c28afb308
SHA256

e275c0b13ef51066e1a5a8d9a3e9f2859d091560dd3c5eac8cd7920bdf3dcbd6
SHA512

252f3159a90dddd528b23d0f6f09ea56eb3470b1c674faa87f20e453f6db2c5939b462dd6a7a77bad2903476aa84efc9ff9c79ef1484e89c2c257820b190c3cb

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

regsvr32.exe

description	pid	process	target process
PID 776 wrote to memory of 2028	776	regsvr32.exe	regsvr32.exe
PID 776 wrote to memory of 2028	776	regsvr32.exe	regsvr32.exe
PID 776 wrote to memory of 2028	776	regsvr32.exe	regsvr32.exe
PID 776 wrote to memory of 2028	776	regsvr32.exe	regsvr32.exe
PID 776 wrote to memory of 2028	776	regsvr32.exe	regsvr32.exe
PID 776 wrote to memory of 2028	776	regsvr32.exe	regsvr32.exe
PID 776 wrote to memory of 2028	776	regsvr32.exe	regsvr32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\test.bin.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:776

C:\Windows\SysWOW64\regsvr32.exe
/s C:\Users\Admin\AppData\Local\Temp\test.bin.dll
2⤵
PID:2028

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/776-2-0x000007FEFB991000-0x000007FEFB993000-memory.dmp

Filesize
8KB

Download
memory/2028-3-0x0000000000000000-mapping.dmp

Download
memory/2028-4-0x0000000075C61000-0x0000000075C63000-memory.dmp

Filesize
8KB

Download
memory/2028-5-0x0000000000220000-0x0000000000221000-memory.dmp

Filesize
4KB

Download
memory/2028-6-0x00000000001B0000-0x00000000001F5000-memory.dmp

Filesize
276KB

Download