0648bdad8a597280f65f4db2448ba1524d6508841933156f4dfef9d1fe2e5075 | Triage

Resubmissions

21-10-2021 10:35

211021-mmmglaback 10

20-10-2021 19:12

211020-xwr4jshed7 10

20-10-2021 17:12

211020-vqvldaacdj 10

Analysis

max time kernel
4s
max time network
18s
platform
windows10_x64
resource
win10-en-20210920
submitted
20-10-2021 17:12

Sharing

Report Analysis Logs

General

Target

Documents.tmp.dll
Size

1.7MB
MD5

133f935f9bc1c919af18db30f9db657d
SHA1

afb6253e491e109ebe2445ab4935f37120420b5c
SHA256

0648bdad8a597280f65f4db2448ba1524d6508841933156f4dfef9d1fe2e5075
SHA512

5d0c5f6ca0b28253a3537c11cfc7f5a72e417c4b4607a148dfa770c307466e81058f56b7ad67cb32761442cda0d720ea23281b41b4979f545ceff5041327cd04

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

regsvr32.exe

description	pid	process	target process
PID 1680 wrote to memory of 2808	1680	regsvr32.exe	regsvr32.exe
PID 1680 wrote to memory of 2808	1680	regsvr32.exe	regsvr32.exe
PID 1680 wrote to memory of 2808	1680	regsvr32.exe	regsvr32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\Documents.tmp.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:1680

C:\Windows\SysWOW64\regsvr32.exe
/s C:\Users\Admin\AppData\Local\Temp\Documents.tmp.dll
2⤵
PID:2808

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2808-115-0x0000000000000000-mapping.dmp

Download