Overview

overview

10

Static

static

triage_dro...le.dll

windows7_x64

10

triage_dro...le.dll

windows10_x64

10

Analysis

  • max time kernel
    125s
  • max time network
    162s
  • platform
    windows7_x64
  • resource
    win7v20210408
  • submitted
    22-07-2021 12:43

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    triage_dropped_file.dll

  • Size

    413KB

  • MD5

    1a0a3f41570af7287e65642c607a3746

  • SHA1

    30851f92c3e1cdd0a2bfb52a803e8eef93bdb669

  • SHA256

    bb63cf1bbf457836cdaa43876fe78270a6fb2feca8f304715b7d2f5b7b69285b

  • SHA512

    f23d1586dd6a9c33358ce184ae13b4d58a26443973068519abfd428aa03152e52f21b2a53bdbd3a4e965a3fe1f15c4680f7a81a6c260c603e96ed2dc1e924e28

Score
10/10

Malware Config

Signatures

  • Suspicious use of NtCreateUserProcessOtherParentProcess 1 IoCs
  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:1220
      • C:\Windows\system32\regsvr32.exe
        regsvr32 /s C:\Users\Admin\AppData\Local\Temp\triage_dropped_file.dll
        2⤵
        • Suspicious use of NtCreateUserProcessOtherParentProcess
        • Suspicious use of SetThreadContext
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of WriteProcessMemory
        PID:2044
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe"
        2⤵
          PID:840
      • C:\Windows\system32\regsvr32.exe
        regsvr32 /s "C:\Users\Admin\AppData\Local\Temp\triage_dropped_file.dll"
        1⤵
          PID:1740

        Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
          MD5

          2902de11e30dcc620b184e3bb0f0c1cb

          SHA1

          5d11d14a2558801a2688dc2d6dfad39ac294f222

          SHA256

          e6a7f1f8810e46a736e80ee5ac6187690f28f4d5d35d130d410e20084b2c1544

          SHA512

          efd415cde25b827ac2a7ca4d6486ce3a43cdcc1c31d3a94fd7944681aa3e83a4966625bf2e6770581c4b59d05e35ff9318d9adaddade9070f131076892af2fa0

          Download Submit
        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          MD5

          5c4ce21c7380024df8ccdd6e471f4639

          SHA1

          6b2b6e5b06ce9911085d90b9a66fc597e6fabc2f

          SHA256

          56071b53ab06582bf987ece7faa82a515d1cb2c5a186499d3e87debb628c80fe

          SHA512

          d40854e711f82d43c7bd4a021aacc2640830398faa2426470f4cc9fcc870e93ecf5c365515ec8f038f6a0acef2e24fb70ea8c104c49673426a72cc4bc023de34

          Download Submit
        • memory/840-61-0x000000013F4C0000-0x000000013F705000-memory.dmp
          Filesize

          2.3MB

          Download
        • memory/840-62-0x000000013F6D77D8-mapping.dmp
          Download
        • memory/840-63-0x000000013F4C0000-0x000000013F705000-memory.dmp
          Filesize

          2.3MB

          Download
        • memory/1740-65-0x0000000000150000-0x000000000018E000-memory.dmp
          Filesize

          248KB

          Download
        • memory/2044-59-0x000007FEFC251000-0x000007FEFC253000-memory.dmp
          Filesize

          8KB

          Download
        • memory/2044-60-0x00000000001E0000-0x000000000021E000-memory.dmp
          Filesize

          248KB

          Download