8308975ce3092d911742cc0d5b83f17c04a7673fb50d00580429388b7aa0bd27 | Triage

Resubmissions

21-09-2021 13:24

210921-qnpvwsccdk 10

14-09-2021 11:19

210914-ne2rzsafbp 1

Analysis

max time kernel
115s
max time network
52s
platform
windows7_x64
resource
win7v20210408
submitted
21-09-2021 13:24

Sharing

Report Analysis Logs

General

Target

090921.dll
Size

367KB
MD5

7fcab487b86152ad589d53d936d4c55c
SHA1

7cc03d7e00679fc2ac866860a72d1a78bee37c2a
SHA256

8308975ce3092d911742cc0d5b83f17c04a7673fb50d00580429388b7aa0bd27
SHA512

70b0938b07f7695ecb7b69d36bdf8b4bf72ad3ea2282057f0b63bdcd54d619a935aed6da439b779dbf4ba621cdc9a0472cc9bfa97c3fccea126a6ffadcd8c9ff

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1992 wrote to memory of 1976	1992	regsvr32.exe	27
PID 1992 wrote to memory of 1976	1992	regsvr32.exe	27
PID 1992 wrote to memory of 1976	1992	regsvr32.exe	27
PID 1992 wrote to memory of 1976	1992	regsvr32.exe	27
PID 1992 wrote to memory of 1976	1992	regsvr32.exe	27
PID 1992 wrote to memory of 1976	1992	regsvr32.exe	27
PID 1992 wrote to memory of 1976	1992	regsvr32.exe	27

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\090921.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:1992
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\090921.dll
  2⤵
  PID:1976

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1976-62-0x0000000075AD1000-0x0000000075AD3000-memory.dmp

Filesize
8KB

Download
memory/1976-63-0x0000000000170000-0x0000000000171000-memory.dmp

Filesize
4KB

Download
memory/1992-60-0x000007FEFB761000-0x000007FEFB763000-memory.dmp

Filesize
8KB

Download