561c0985bb874a8e65ee65ffaf8095d0f1803a93262d8ce4c4e85a485c199fc4 | Triage

Analysis

max time kernel
10s
max time network
110s
platform
windows10_x64
resource
win10v20210410
submitted
06-05-2021 15:17

Sharing

Report Analysis Logs

General

Target

74280000.impetuous.scss.dll
Size

39KB
MD5

b4f7286e1b0dd77443d356b5a5000377
SHA1

2d1ff19a22cea853fae6520ede46d1d6a7ebcf28
SHA256

561c0985bb874a8e65ee65ffaf8095d0f1803a93262d8ce4c4e85a485c199fc4
SHA512

35a4d185b33800c4520e9372cf237c95f0ffac49d6beceb0dea0715c7b858bf65d7d36da3f2eee6fb21ef9db162f074fc51ea045953d2f60d630a959408d5c55

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

regsvr32.exe

description	pid	process	target process
PID 3944 wrote to memory of 2652	3944	regsvr32.exe	regsvr32.exe
PID 3944 wrote to memory of 2652	3944	regsvr32.exe	regsvr32.exe
PID 3944 wrote to memory of 2652	3944	regsvr32.exe	regsvr32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\74280000.impetuous.scss.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:3944

C:\Windows\SysWOW64\regsvr32.exe
/s C:\Users\Admin\AppData\Local\Temp\74280000.impetuous.scss.dll
2⤵
PID:2652

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2652-114-0x0000000000000000-mapping.dmp

Download
memory/2652-115-0x0000000000801000-0x0000000000803000-memory.dmp

Filesize
8KB

Download