c7186def2bb6152289700ba76f681460138d28885aaad97ad3fdb7023be57bdf | Triage

Analysis

max time kernel
4s
max time network
12s
platform
windows7_x64
resource
win7v20201028
submitted
27-02-2021 07:02

Sharing

Report Analysis Logs

General

Target

b01f4d6e58860cbfbad674024ae98af0.dll
Size

469KB
MD5

b01f4d6e58860cbfbad674024ae98af0
SHA1

93919c4013bb080986a298e589729437751c0514
SHA256

c7186def2bb6152289700ba76f681460138d28885aaad97ad3fdb7023be57bdf
SHA512

19530c658c87d45355019bcd3acbefce0864ece679a6c7fb964136f01cb42d252ee21501feb49a76dd6c09d868eeb3f1a220a88180412db51bb8bc57a3c0daf1

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

regsvr32.exe

description	pid	process	target process
PID 384 wrote to memory of 1992	384	regsvr32.exe	regsvr32.exe
PID 384 wrote to memory of 1992	384	regsvr32.exe	regsvr32.exe
PID 384 wrote to memory of 1992	384	regsvr32.exe	regsvr32.exe
PID 384 wrote to memory of 1992	384	regsvr32.exe	regsvr32.exe
PID 384 wrote to memory of 1992	384	regsvr32.exe	regsvr32.exe
PID 384 wrote to memory of 1992	384	regsvr32.exe	regsvr32.exe
PID 384 wrote to memory of 1992	384	regsvr32.exe	regsvr32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\b01f4d6e58860cbfbad674024ae98af0.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:384

C:\Windows\SysWOW64\regsvr32.exe
/s C:\Users\Admin\AppData\Local\Temp\b01f4d6e58860cbfbad674024ae98af0.dll
2⤵
PID:1992

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/384-2-0x000007FEFB9D1000-0x000007FEFB9D3000-memory.dmp

Filesize
8KB

Download
memory/1992-3-0x0000000000000000-mapping.dmp

Download
memory/1992-4-0x0000000076241000-0x0000000076243000-memory.dmp

Filesize
8KB

Download