0a5ae02e5ce41ec8c4be639ef562d00ae5a6aa717d061de6b0e7f133c8b84268 | Triage

Analysis

max time kernel
2s
max time network
8s
platform
windows7_x64
resource
win7v20201028
submitted
26-02-2021 21:56

Sharing

Report Analysis Logs

General

Target

mon83.dll
Size

469KB
MD5

43b696b4c1b2dd7adc4709b5f8d3deb1
SHA1

97d14baad94146524c30055e073691df9da7bb51
SHA256

0a5ae02e5ce41ec8c4be639ef562d00ae5a6aa717d061de6b0e7f133c8b84268
SHA512

8ab1184c8a6ee30579ba6737948488a132db49024bed3b43e0f5ea9426f2dd13b9c48ad2c3feb9a072cf7e7f98697f79f2cae6cf3974bd86ea8c47afc7c8d601

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

regsvr32.exe

description	pid	process	target process
PID 776 wrote to memory of 1992	776	regsvr32.exe	regsvr32.exe
PID 776 wrote to memory of 1992	776	regsvr32.exe	regsvr32.exe
PID 776 wrote to memory of 1992	776	regsvr32.exe	regsvr32.exe
PID 776 wrote to memory of 1992	776	regsvr32.exe	regsvr32.exe
PID 776 wrote to memory of 1992	776	regsvr32.exe	regsvr32.exe
PID 776 wrote to memory of 1992	776	regsvr32.exe	regsvr32.exe
PID 776 wrote to memory of 1992	776	regsvr32.exe	regsvr32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\mon83.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:776

C:\Windows\SysWOW64\regsvr32.exe
/s C:\Users\Admin\AppData\Local\Temp\mon83.dll
2⤵
PID:1992

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/776-2-0x000007FEFBB61000-0x000007FEFBB63000-memory.dmp

Filesize
8KB

Download
memory/1992-3-0x0000000000000000-mapping.dmp

Download
memory/1992-4-0x0000000076071000-0x0000000076073000-memory.dmp

Filesize
8KB

Download