adcd8610415d62e2e886bad0fae495861023ad457a0fcbab77d2345d571b190f | Triage

Analysis

max time kernel
1s
max time network
42s
platform
windows7_x64
resource
win7v20210408
submitted
15-06-2021 10:14

Sharing

Report Analysis Logs

General

Target

3c4063956b797106cc43a49a634bb530aecd6e9a898124bb8fed6978f4556ee0.dll
Size

119KB
MD5

91e06d83a0ea2e73f8143f9d70c2b8b1
SHA1

7ff7ce00ddb41170fe4b86858ae7bf4b9957ff0c
SHA256

3c4063956b797106cc43a49a634bb530aecd6e9a898124bb8fed6978f4556ee0
SHA512

48e60e0da5a730837c1845552db012578c91655ae5234a27093408a83c25b2b4aee9b7c710a4484d591bdaaae838634aad02b8f35f656cdfb8ada5721cbada47

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

regsvr32.exe

description	pid	process	target process
PID 676 wrote to memory of 1664	676	regsvr32.exe	regsvr32.exe
PID 676 wrote to memory of 1664	676	regsvr32.exe	regsvr32.exe
PID 676 wrote to memory of 1664	676	regsvr32.exe	regsvr32.exe
PID 676 wrote to memory of 1664	676	regsvr32.exe	regsvr32.exe
PID 676 wrote to memory of 1664	676	regsvr32.exe	regsvr32.exe
PID 676 wrote to memory of 1664	676	regsvr32.exe	regsvr32.exe
PID 676 wrote to memory of 1664	676	regsvr32.exe	regsvr32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\3c4063956b797106cc43a49a634bb530aecd6e9a898124bb8fed6978f4556ee0.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:676

C:\Windows\SysWOW64\regsvr32.exe
/s C:\Users\Admin\AppData\Local\Temp\3c4063956b797106cc43a49a634bb530aecd6e9a898124bb8fed6978f4556ee0.dll
2⤵
PID:1664

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/676-59-0x000007FEFB531000-0x000007FEFB533000-memory.dmp

Filesize
8KB

Download
memory/1664-60-0x0000000000000000-mapping.dmp

Download
memory/1664-61-0x0000000075051000-0x0000000075053000-memory.dmp

Filesize
8KB

Download