d7f5bd1e080f36eb2c3892e72d7dca07521ae7a6f556453d8e38a3d74105754c | Triage

Analysis

max time kernel
2s
max time network
11s
platform
windows7_x64
resource
win7v20210410
submitted
12-06-2021 11:15

Sharing

Report Analysis Logs

General

Target

1.dll
Size

74KB
MD5

d21ed47d54b873960867a6415f0df8e1
SHA1

5a965bba445a7b7e97f129845a5f280d91b23f50
SHA256

d7f5bd1e080f36eb2c3892e72d7dca07521ae7a6f556453d8e38a3d74105754c
SHA512

4f850d659def63e705b8b6d99dd2ef6a392c95f947bb314519dc33880d5bda42c19bba39bcae04aed89d1d6600db59028f33f7d3fd0d6b3b91cdb6d1f8b15cf7

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

regsvr32.exe

description	pid	process	target process
PID 1116 wrote to memory of 2016	1116	regsvr32.exe	regsvr32.exe
PID 1116 wrote to memory of 2016	1116	regsvr32.exe	regsvr32.exe
PID 1116 wrote to memory of 2016	1116	regsvr32.exe	regsvr32.exe
PID 1116 wrote to memory of 2016	1116	regsvr32.exe	regsvr32.exe
PID 1116 wrote to memory of 2016	1116	regsvr32.exe	regsvr32.exe
PID 1116 wrote to memory of 2016	1116	regsvr32.exe	regsvr32.exe
PID 1116 wrote to memory of 2016	1116	regsvr32.exe	regsvr32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\1.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:1116

C:\Windows\SysWOW64\regsvr32.exe
/s C:\Users\Admin\AppData\Local\Temp\1.dll
2⤵
PID:2016

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1116-59-0x000007FEFC301000-0x000007FEFC303000-memory.dmp

Filesize
8KB

Download
memory/2016-60-0x0000000000000000-mapping.dmp

Download
memory/2016-61-0x00000000767B1000-0x00000000767B3000-memory.dmp

Filesize
8KB

Download