a494525da7014eb1fd267a1a47cd4ed6c5e3b290042eb34c8b49f0346a45e6e6 | Triage

Analysis

max time kernel
3s
max time network
54s
platform
windows7_x64
resource
win7v20210408
submitted
01-06-2021 06:25

Sharing

Report Analysis Logs

General

Target

a494525da7014eb1fd267a1a47cd4ed6c5e3b290042eb34c8b49f0346a45e6e6.bin.sample.dll
Size

121KB
MD5

b169ce72bc3f9f0838713d53ab08e9da
SHA1

268fd636b359f9ff425ebc7a591fafda6d7f93a8
SHA256

a494525da7014eb1fd267a1a47cd4ed6c5e3b290042eb34c8b49f0346a45e6e6
SHA512

12830464d6744130e69185d55a57187b7c1b3b42ca701069f5e2c3a27d90009f8ff4972d323243cf78009cc8ad0d6d3995577a0fbbb0fc05bb3cf80ee8cd7567

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

regsvr32.exe

description	pid	process	target process
PID 1768 wrote to memory of 1900	1768	regsvr32.exe	regsvr32.exe
PID 1768 wrote to memory of 1900	1768	regsvr32.exe	regsvr32.exe
PID 1768 wrote to memory of 1900	1768	regsvr32.exe	regsvr32.exe
PID 1768 wrote to memory of 1900	1768	regsvr32.exe	regsvr32.exe
PID 1768 wrote to memory of 1900	1768	regsvr32.exe	regsvr32.exe
PID 1768 wrote to memory of 1900	1768	regsvr32.exe	regsvr32.exe
PID 1768 wrote to memory of 1900	1768	regsvr32.exe	regsvr32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\a494525da7014eb1fd267a1a47cd4ed6c5e3b290042eb34c8b49f0346a45e6e6.bin.sample.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:1768

C:\Windows\SysWOW64\regsvr32.exe
/s C:\Users\Admin\AppData\Local\Temp\a494525da7014eb1fd267a1a47cd4ed6c5e3b290042eb34c8b49f0346a45e6e6.bin.sample.dll
2⤵
PID:1900

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1768-59-0x000007FEFC0C1000-0x000007FEFC0C3000-memory.dmp

Filesize
8KB

Download
memory/1900-60-0x0000000000000000-mapping.dmp

Download
memory/1900-61-0x00000000769B1000-0x00000000769B3000-memory.dmp

Filesize
8KB

Download