7ac75d8d4390707428b148cf3cad23d804930141fd8ea53cf1a7790f7d1c3c88 | Triage

Analysis

max time kernel
2s
max time network
53s
platform
windows7_x64
resource
win7v20210410
submitted
15-06-2021 11:19

Sharing

Report Analysis Logs

General

Target

7ac75d8d4390707428b148cf3cad23d804930141fd8ea53cf1a7790f7d1c3c88.bin.sample.dll
Size

121KB
MD5

612f5b62182b5c3a8eb64ecaa2827462
SHA1

9d2bfcbaf44f9e59bbb451dce29e4c7ad6778808
SHA256

7ac75d8d4390707428b148cf3cad23d804930141fd8ea53cf1a7790f7d1c3c88
SHA512

9e001e766a6bb8505a15830b25268f958f79c6ed064b07b70af0165e3a2f967c3689581c012cdd7c3d631076172c2acc0fd1406fac809e835b149669db7a23a9

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

regsvr32.exe

description	pid	process	target process
PID 592 wrote to memory of 2012	592	regsvr32.exe	regsvr32.exe
PID 592 wrote to memory of 2012	592	regsvr32.exe	regsvr32.exe
PID 592 wrote to memory of 2012	592	regsvr32.exe	regsvr32.exe
PID 592 wrote to memory of 2012	592	regsvr32.exe	regsvr32.exe
PID 592 wrote to memory of 2012	592	regsvr32.exe	regsvr32.exe
PID 592 wrote to memory of 2012	592	regsvr32.exe	regsvr32.exe
PID 592 wrote to memory of 2012	592	regsvr32.exe	regsvr32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\7ac75d8d4390707428b148cf3cad23d804930141fd8ea53cf1a7790f7d1c3c88.bin.sample.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:592

C:\Windows\SysWOW64\regsvr32.exe
/s C:\Users\Admin\AppData\Local\Temp\7ac75d8d4390707428b148cf3cad23d804930141fd8ea53cf1a7790f7d1c3c88.bin.sample.dll
2⤵
PID:2012

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/592-59-0x000007FEFB9A1000-0x000007FEFB9A3000-memory.dmp

Filesize
8KB

Download
memory/2012-60-0x0000000000000000-mapping.dmp

Download
memory/2012-61-0x0000000075A71000-0x0000000075A73000-memory.dmp

Filesize
8KB

Download