53936fcc62ed6e3515b3515531993d92be1d3aca9049f30a2ab2e0805cc45b8d | Triage

Resubmissions

23-08-2021 11:14

210823-v9jqagsjfs 10

25-06-2021 09:46

210625-zbrs642ns2 10

Analysis

max time kernel
60s
max time network
91s
platform
windows7_x64
resource
win7v20210408
submitted
25-06-2021 09:46

Sharing

Report Analysis Logs

General

Target

53936fcc62ed6e3515b3515531993d92be1d3aca9049f30a2ab2e0805cc45b8d.bin.sample.dll
Size

122KB
MD5

9cfb3b75ab491fa2fb2598914a7558f4
SHA1

6ba4bfef1a07ef5ba8df319e183dbc253ab45ad8
SHA256

53936fcc62ed6e3515b3515531993d92be1d3aca9049f30a2ab2e0805cc45b8d
SHA512

7799e9afdc0be4473e0e2bd9d524e7b6b6de041c5b9b30a5441d50ae0bb700aa516ed891f6151f1c40d1184d7b5e1eb45d05dfc58834732413466425751e1d54

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

regsvr32.exe

description	pid	process	target process
PID 1060 wrote to memory of 1984	1060	regsvr32.exe	regsvr32.exe
PID 1060 wrote to memory of 1984	1060	regsvr32.exe	regsvr32.exe
PID 1060 wrote to memory of 1984	1060	regsvr32.exe	regsvr32.exe
PID 1060 wrote to memory of 1984	1060	regsvr32.exe	regsvr32.exe
PID 1060 wrote to memory of 1984	1060	regsvr32.exe	regsvr32.exe
PID 1060 wrote to memory of 1984	1060	regsvr32.exe	regsvr32.exe
PID 1060 wrote to memory of 1984	1060	regsvr32.exe	regsvr32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\53936fcc62ed6e3515b3515531993d92be1d3aca9049f30a2ab2e0805cc45b8d.bin.sample.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:1060

C:\Windows\SysWOW64\regsvr32.exe
/s C:\Users\Admin\AppData\Local\Temp\53936fcc62ed6e3515b3515531993d92be1d3aca9049f30a2ab2e0805cc45b8d.bin.sample.dll
2⤵
PID:1984

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1060-59-0x000007FEFB701000-0x000007FEFB703000-memory.dmp

Filesize
8KB

Download
memory/1984-60-0x0000000000000000-mapping.dmp

Download
memory/1984-61-0x00000000750C1000-0x00000000750C3000-memory.dmp

Filesize
8KB

Download