Overview

overview

1

Static

static

5cd5117a6e...f0.dll

windows7_x64

1

Resubmissions

23-09-2021 14:52

210923-r89apsega9 10

16-09-2021 02:31

210916-cz3z1abhc4 1

16-09-2021 02:30

210916-czcstabhb9 1

16-09-2021 02:27

210916-cxvwlsbhb6 10

Analysis

  • max time kernel
    9s
  • max time network
    12s
  • platform
    windows7_x64
  • resource
    win7-en
  • submitted
    16-09-2021 02:31

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    5cd5117a6e5ce9208897678ed6c44bf821f02326b01386589e56e0adbe0581f0.dll

  • Size

    424KB

  • MD5

    ae5a227472b36642f4325c2fd4f884f5

  • SHA1

    7efc236d4804073a99337a7833b9536c358c49bc

  • SHA256

    5cd5117a6e5ce9208897678ed6c44bf821f02326b01386589e56e0adbe0581f0

  • SHA512

    dbb2f38f14785e8e27d5e7e313bf8f8a9812f8cb2bf0aeed3a3fd8f76f246aa8f8a5c4a17c4fb7c48f97dddcd883b9b3a31ee96b6b18bb310db3fb6cab5f3d2a

Score
1/10

Malware Config

Signatures

  • Suspicious use of WriteProcessMemory 11 IoCs

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\5cd5117a6e5ce9208897678ed6c44bf821f02326b01386589e56e0adbe0581f0.dll
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:820
    • C:\Windows\SysWOW64\regsvr32.exe
      /s C:\Users\Admin\AppData\Local\Temp\5cd5117a6e5ce9208897678ed6c44bf821f02326b01386589e56e0adbe0581f0.dll
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:808
      • C:\Windows\system32\wermgr.exe
        C:\Windows\system32\wermgr.exe
        3⤵
          PID:1220

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/808-54-0x0000000000000000-mapping.dmp
      Download
    • memory/808-55-0x0000000076071000-0x0000000076073000-memory.dmp
      Filesize

      8KB

      Download
    • memory/808-56-0x0000000000250000-0x000000000028B000-memory.dmp
      Filesize

      236KB

      Download
    • memory/808-59-0x0000000000350000-0x0000000000389000-memory.dmp
      Filesize

      228KB

      Download
    • memory/808-61-0x0000000000410000-0x0000000000448000-memory.dmp
      Filesize

      224KB

      Download
    • memory/808-63-0x0000000000200000-0x0000000000239000-memory.dmp
      Filesize

      228KB

      Download
    • memory/808-65-0x0000000000AD0000-0x0000000000AE1000-memory.dmp
      Filesize

      68KB

      Download
    • memory/808-64-0x0000000000450000-0x0000000000495000-memory.dmp
      Filesize

      276KB

      Download
    • memory/808-66-0x00000000004B1000-0x00000000004B3000-memory.dmp
      Filesize

      8KB

      Download
    • memory/820-53-0x000007FEFB791000-0x000007FEFB793000-memory.dmp
      Filesize

      8KB

      Download