468886d7a6dc0c36285f2b0fa5dd42070143695494a0f9b77c8e38e0c0867fb4 | Triage

Analysis

max time kernel
112s
max time network
125s
platform
windows10_x64
resource
win10-en-20211014
submitted
26-10-2021 14:22

Sharing

Report Analysis Logs

General

Target

468886d7a6dc0c36285f2b0fa5dd42070143695494a0f9b77c8e38e0c0867fb4.bin.dll
Size

64KB
MD5

7ad09f40cb98c1c7b29e5f5c89a3b1db
SHA1

f4ae99cbd6505a8b23dc187b3cdd062465c62829
SHA256

468886d7a6dc0c36285f2b0fa5dd42070143695494a0f9b77c8e38e0c0867fb4
SHA512

fac37e833d8f9b263bef3ce691b4f45aa858ce93290a9edc533aaeefc8f305b94debe910400ec53e4cc4f31b471787c4ea71882e65507013d4ad7f5457f49c8c

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

regsvr32.exe

description	pid	process	target process
PID 3672 wrote to memory of 3556	3672	regsvr32.exe	regsvr32.exe
PID 3672 wrote to memory of 3556	3672	regsvr32.exe	regsvr32.exe
PID 3672 wrote to memory of 3556	3672	regsvr32.exe	regsvr32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\468886d7a6dc0c36285f2b0fa5dd42070143695494a0f9b77c8e38e0c0867fb4.bin.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:3672

C:\Windows\SysWOW64\regsvr32.exe
/s C:\Users\Admin\AppData\Local\Temp\468886d7a6dc0c36285f2b0fa5dd42070143695494a0f9b77c8e38e0c0867fb4.bin.dll
2⤵
PID:3556

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3556-115-0x0000000000000000-mapping.dmp

Download