Analysis
- max time kernel: 118s
- max time network: 133s
- platform: windows7_x64
- resource: win7v20201028
- submitted: 08-04-2021 18:35
Static task: static1
Behavioral task: behavioral1
- Sample: 3c4063956b797106cc43a49a634bb530aecd6e9a898124bb8fed6978f4556ee0.dll
- Resource: win7v20201028, windows7_x64
- 0 signatures
- 0 seconds
Behavioral task: behavioral2
- Sample: 3c4063956b797106cc43a49a634bb530aecd6e9a898124bb8fed6978f4556ee0.dll
- Resource: win10v20201028, windows10_x64
- 0 signatures
- 0 seconds
General
- Target: 3c4063956b797106cc43a49a634bb530aecd6e9a898124bb8fed6978f4556ee0.dll
- Size: 119KB
- MD5: 91e06d83a0ea2e73f8143f9d70c2b8b1
- SHA1: 7ff7ce00ddb41170fe4b86858ae7bf4b9957ff0c
- SHA256: 3c4063956b797106cc43a49a634bb530aecd6e9a898124bb8fed6978f4556ee0
- SHA512: 48e60e0da5a730837c1845552db012578c91655ae5234a27093408a83c25b2b4aee9b7c710a4484d591bdaaae838634aad02b8f35f656cdfb8ada5721cbada47
Score: 1/10
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (7 IoCs)
  Processes: regsvr32.exe
  description                        pid   process       target process
  PID 1100 wrote to memory of 2000   1100  regsvr32.exe  regsvr32.exe
  PID 1100 wrote to memory of 2000   1100  regsvr32.exe  regsvr32.exe
  PID 1100 wrote to memory of 2000   1100  regsvr32.exe  regsvr32.exe
  PID 1100 wrote to memory of 2000   1100  regsvr32.exe  regsvr32.exe
  PID 1100 wrote to memory of 2000   1100  regsvr32.exe  regsvr32.exe
  PID 1100 wrote to memory of 2000   1100  regsvr32.exe  regsvr32.exe
  PID 1100 wrote to memory of 2000   1100  regsvr32.exe  regsvr32.exe
Processes
- C:\Windows\system32\regsvr32.exe
  regsvr32 /s C:\Users\Admin\AppData\Local\Temp\3c4063956b797106cc43a49a634bb530aecd6e9a898124bb8fed6978f4556ee0.dll
  PID: 1100
  - Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\regsvr32.exe
    /s C:\Users\Admin\AppData\Local\Temp\3c4063956b797106cc43a49a634bb530aecd6e9a898124bb8fed6978f4556ee0.dll
    PID: 2000