a2c3dd2934c9adaeebd6948e2e18f61e680e3baf0b9494ee5e9ff0ed407634d7 | Triage

Analysis

max time kernel
4s
max time network
12s
platform
windows7_x64
resource
win7v20210408
submitted
11-05-2021 18:05

Sharing

Report Analysis Logs

General

Target

TrickBot_04F60000.bin.dll
Size

220KB
MD5

6b8363dee5ebf062c75e51fc9b0b61b9
SHA1

41bd1f66766de320ad6c90b2980b85505b440680
SHA256

a2c3dd2934c9adaeebd6948e2e18f61e680e3baf0b9494ee5e9ff0ed407634d7
SHA512

84d6406c2c817efca56560a597b9e0d685c00516e0963ae8c1355da0278caae6249ceb9d487dfef39446e41a9dcf9dcd9760fdb83b0f2739df58cfc3c45f7afc

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

regsvr32.exe

description	pid	process	target process
PID 1944 wrote to memory of 1988	1944	regsvr32.exe	regsvr32.exe
PID 1944 wrote to memory of 1988	1944	regsvr32.exe	regsvr32.exe
PID 1944 wrote to memory of 1988	1944	regsvr32.exe	regsvr32.exe
PID 1944 wrote to memory of 1988	1944	regsvr32.exe	regsvr32.exe
PID 1944 wrote to memory of 1988	1944	regsvr32.exe	regsvr32.exe
PID 1944 wrote to memory of 1988	1944	regsvr32.exe	regsvr32.exe
PID 1944 wrote to memory of 1988	1944	regsvr32.exe	regsvr32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\TrickBot_04F60000.bin.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:1944

C:\Windows\SysWOW64\regsvr32.exe
/s C:\Users\Admin\AppData\Local\Temp\TrickBot_04F60000.bin.dll
2⤵
PID:1988

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1944-59-0x000007FEFB891000-0x000007FEFB893000-memory.dmp

Filesize
8KB

Download
memory/1988-60-0x0000000000000000-mapping.dmp

Download
memory/1988-61-0x00000000760B1000-0x00000000760B3000-memory.dmp

Filesize
8KB

Download