cd6b124b7ce26ff65eebb0f8d5e6cfc016e4e0a623f3611493c298139d3183b6 | Triage

Analysis

max time kernel
148s
max time network
148s
platform
windows7_x64
resource
win7v20210410
submitted
28-04-2021 23:30

Sharing

Report Analysis Logs

General

Target

file.dll
Size

400KB
MD5

d74dfc1fb74fd3b8de29f0ed6afc05aa
SHA1

a8a243bc25a545013e5fa12e05c8bbb9548e372c
SHA256

cd6b124b7ce26ff65eebb0f8d5e6cfc016e4e0a623f3611493c298139d3183b6
SHA512

94337941b5dcf800c399d12123fca81083d468f0fbc90bfb42db63359ffc2353c0841beb2a878902455dc29ee4bdcee74a9efa03c9a40044413060cb220e2baf

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

regsvr32.exe

description	pid	process	target process
PID 1864 wrote to memory of 1420	1864	regsvr32.exe	regsvr32.exe
PID 1864 wrote to memory of 1420	1864	regsvr32.exe	regsvr32.exe
PID 1864 wrote to memory of 1420	1864	regsvr32.exe	regsvr32.exe
PID 1864 wrote to memory of 1420	1864	regsvr32.exe	regsvr32.exe
PID 1864 wrote to memory of 1420	1864	regsvr32.exe	regsvr32.exe
PID 1864 wrote to memory of 1420	1864	regsvr32.exe	regsvr32.exe
PID 1864 wrote to memory of 1420	1864	regsvr32.exe	regsvr32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\file.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:1864

C:\Windows\SysWOW64\regsvr32.exe
/s C:\Users\Admin\AppData\Local\Temp\file.dll
2⤵
PID:1420

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1420-61-0x0000000000000000-mapping.dmp

Download
memory/1420-62-0x0000000076A81000-0x0000000076A83000-memory.dmp

Filesize
8KB

Download
memory/1420-63-0x0000000000400000-0x0000000000480000-memory.dmp

Filesize
512KB

Download
memory/1864-60-0x000007FEFC471000-0x000007FEFC473000-memory.dmp

Filesize
8KB

Download