7ac2ea90e91521c56583f95276a3ce3d9fe372548f1c53f9049eae5d5489bd1b | Triage

Analysis

max time kernel
2s
max time network
1s
platform
windows7_x64
resource
win7v20210408
submitted
19-04-2021 20:05

Sharing

Report Analysis Logs

General

Target

ClearDDrop.exe_.dll
Size

220KB
MD5

61937dd3b1410a3be02b639267ebb946
SHA1

9855ac2345c63e7895ed81fc3b5bdfb74bfef82c
SHA256

7ac2ea90e91521c56583f95276a3ce3d9fe372548f1c53f9049eae5d5489bd1b
SHA512

90759932f0d96c5b7de99b642ce5c908f9385c847d738f4144ab63b6080d072d9e839e1c0d07d3473bbf63ac7534bd4f93a23c8aef4d92593734cd1ec87861c2

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

regsvr32.exe

description	pid	process	target process
PID 1824 wrote to memory of 2040	1824	regsvr32.exe	regsvr32.exe
PID 1824 wrote to memory of 2040	1824	regsvr32.exe	regsvr32.exe
PID 1824 wrote to memory of 2040	1824	regsvr32.exe	regsvr32.exe
PID 1824 wrote to memory of 2040	1824	regsvr32.exe	regsvr32.exe
PID 1824 wrote to memory of 2040	1824	regsvr32.exe	regsvr32.exe
PID 1824 wrote to memory of 2040	1824	regsvr32.exe	regsvr32.exe
PID 1824 wrote to memory of 2040	1824	regsvr32.exe	regsvr32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\ClearDDrop.exe_.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:1824

C:\Windows\SysWOW64\regsvr32.exe
/s C:\Users\Admin\AppData\Local\Temp\ClearDDrop.exe_.dll
2⤵
PID:2040

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1824-59-0x000007FEFBF71000-0x000007FEFBF73000-memory.dmp

Filesize
8KB

Download
memory/2040-60-0x0000000000000000-mapping.dmp

Download
memory/2040-61-0x00000000757C1000-0x00000000757C3000-memory.dmp

Filesize
8KB

Download