eb12afe158fd7f4236a98c7c6b686dfe9838c3d986c28b593a54303c68534661 | Triage

Analysis

max time kernel
53s
max time network
145s
platform
windows10_x64
resource
win10v20201028
submitted
13-03-2021 09:22

Sharing

Report Analysis Logs

General

Target

microsoft_shared.tmp.dll
Size

686KB
MD5

7a75045c4c927433aa7258833355c403
SHA1

c9fb3583b403cc8ed0186971ee300629fd91525f
SHA256

eb12afe158fd7f4236a98c7c6b686dfe9838c3d986c28b593a54303c68534661
SHA512

e1ef63423f04f0047a89b72537aa6d0068e842304e69146e766e83a7b261025765944858d699480f66d38655c4fa5e20b04e96fff9a0397f27db92016cb2c02b

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

regsvr32.exe

description	pid	process	target process
PID 4704 wrote to memory of 4824	4704	regsvr32.exe	regsvr32.exe
PID 4704 wrote to memory of 4824	4704	regsvr32.exe	regsvr32.exe
PID 4704 wrote to memory of 4824	4704	regsvr32.exe	regsvr32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\microsoft_shared.tmp.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:4704
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\microsoft_shared.tmp.dll
  2⤵
  PID:4824
- - C:\Windows\SysWOW64\msiexec.exe
    msiexec.exe
    3⤵
    PID:4164

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4164-5-0x0000000000000000-mapping.dmp

Download
memory/4164-6-0x00000000024F0000-0x0000000002516000-memory.dmp

Filesize
152KB

Download
memory/4824-2-0x0000000000000000-mapping.dmp

Download
memory/4824-3-0x0000000000E00000-0x0000000000E01000-memory.dmp

Filesize
4KB

Download
memory/4824-4-0x0000000000400000-0x00000000004AF000-memory.dmp

Filesize
700KB

Download