Overview

overview

10

Static

static

triage_dro...le.dll

windows7_x64

10

triage_dro...le.dll

windows10_x64

10

Analysis

  • max time kernel
    117s
  • max time network
    132s
  • platform
    windows10_x64
  • resource
    win10v20210410
  • submitted
    22-07-2021 12:43

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    triage_dropped_file.dll

  • Size

    413KB

  • MD5

    1a0a3f41570af7287e65642c607a3746

  • SHA1

    30851f92c3e1cdd0a2bfb52a803e8eef93bdb669

  • SHA256

    bb63cf1bbf457836cdaa43876fe78270a6fb2feca8f304715b7d2f5b7b69285b

  • SHA512

    f23d1586dd6a9c33358ce184ae13b4d58a26443973068519abfd428aa03152e52f21b2a53bdbd3a4e965a3fe1f15c4680f7a81a6c260c603e96ed2dc1e924e28

Score
10/10

Malware Config

Signatures

  • Suspicious use of NtCreateUserProcessOtherParentProcess 1 IoCs
  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:2504
      • C:\Windows\system32\regsvr32.exe
        regsvr32 /s C:\Users\Admin\AppData\Local\Temp\triage_dropped_file.dll
        2⤵
        • Suspicious use of NtCreateUserProcessOtherParentProcess
        • Suspicious use of SetThreadContext
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of WriteProcessMemory
        PID:3980
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe"
        2⤵
          PID:3212
      • C:\Windows\system32\regsvr32.exe
        regsvr32 /s "C:\Users\Admin\AppData\Local\Temp\triage_dropped_file.dll"
        1⤵
          PID:2192

        Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • memory/2192-118-0x0000000000FB0000-0x0000000000FEE000-memory.dmp
          Filesize

          248KB

          Download
        • memory/3212-115-0x00007FF614E90000-0x00007FF6150D5000-memory.dmp
          Filesize

          2.3MB

          Download
        • memory/3212-116-0x00007FF6150A77D8-mapping.dmp
          Download
        • memory/3212-117-0x00007FF614E90000-0x00007FF6150D5000-memory.dmp
          Filesize

          2.3MB

          Download
        • memory/3980-114-0x0000000000E80000-0x0000000000EBE000-memory.dmp
          Filesize

          248KB

          Download