Analysis

  • max time kernel
    137s
  • max time network
    135s
  • platform
    windows10_x64
  • resource
    win10-en-20210920
  • submitted
    20-10-2021 10:04

General

  • Target

    7600010ee12e098ebebd2cf9e4cab289b465ceb81bd999ae2c6074b8385d7de5.dll

  • Size

    789KB

  • MD5

    64547ac671ff0b66fd75668fbc6ba756

  • SHA1

    aa77a5cd30666369f10cf7faea85477b99c3ed66

  • SHA256

    7600010ee12e098ebebd2cf9e4cab289b465ceb81bd999ae2c6074b8385d7de5

  • SHA512

    48cd4ad393977057af626ec9a48f16e818cb370d1410ec79ff3ec97b7442cde5a88f7acb98667aa85d401c8ab3a8760d224a055163239909bd83e51df398b3a5

Score
10/10

Malware Config

Signatures

  • Egregor Ransomware

    Variant of the Sekhmet ransomware first seen in September 2020.

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\7600010ee12e098ebebd2cf9e4cab289b465ceb81bd999ae2c6074b8385d7de5.dll
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3116
    • C:\Windows\SysWOW64\regsvr32.exe
      /s C:\Users\Admin\AppData\Local\Temp\7600010ee12e098ebebd2cf9e4cab289b465ceb81bd999ae2c6074b8385d7de5.dll
      2⤵
        PID:1308
    • C:\Windows\System32\rundll32.exe
      C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
      1⤵
        PID:1352

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • memory/1308-115-0x0000000000000000-mapping.dmp
      • memory/1308-118-0x0000000000700000-0x000000000073F000-memory.dmp
        Filesize

        252KB

      • memory/1308-121-0x0000000000600000-0x000000000074A000-memory.dmp
        Filesize

        1.3MB