68a96bd0c150d2808755edfc90b2263626de612b4907e772af3bb552f0fcc4ca | Triage

Analysis

max time kernel
2s
max time network
9s
platform
windows7_x64
resource
win7v20201028
submitted
15-03-2021 00:37

Sharing

Report Analysis Logs

General

Target

68a96bd0c150d2808755edfc90b2263626de612b4907e772af3bb552f0fcc4ca.bin.dll
Size

119KB
MD5

fbd2a737bfd8a83dcdc9b9359e2ca68f
SHA1

8ef5072dc4351e49c11241f332577c7630656c95
SHA256

68a96bd0c150d2808755edfc90b2263626de612b4907e772af3bb552f0fcc4ca
SHA512

450a883d139f0a18d278b87b6810e73e97ed8e02a2e48256bdcbca25988ea440bbfa1977df728564f5c1c6db30b11c84f5f3f3dcb0a24febcddd868442a7453c

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

regsvr32.exe

description	pid	process	target process
PID 1908 wrote to memory of 1264	1908	regsvr32.exe	regsvr32.exe
PID 1908 wrote to memory of 1264	1908	regsvr32.exe	regsvr32.exe
PID 1908 wrote to memory of 1264	1908	regsvr32.exe	regsvr32.exe
PID 1908 wrote to memory of 1264	1908	regsvr32.exe	regsvr32.exe
PID 1908 wrote to memory of 1264	1908	regsvr32.exe	regsvr32.exe
PID 1908 wrote to memory of 1264	1908	regsvr32.exe	regsvr32.exe
PID 1908 wrote to memory of 1264	1908	regsvr32.exe	regsvr32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\68a96bd0c150d2808755edfc90b2263626de612b4907e772af3bb552f0fcc4ca.bin.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:1908

C:\Windows\SysWOW64\regsvr32.exe
/s C:\Users\Admin\AppData\Local\Temp\68a96bd0c150d2808755edfc90b2263626de612b4907e772af3bb552f0fcc4ca.bin.dll
2⤵
PID:1264

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1264-3-0x0000000000000000-mapping.dmp

Download
memory/1264-4-0x0000000076271000-0x0000000076273000-memory.dmp

Filesize
8KB

Download
memory/1908-2-0x000007FEFBBF1000-0x000007FEFBBF3000-memory.dmp

Filesize
8KB

Download