Analysis
max time kernel: 122s
max time network: 122s
platform: windows7_x64
resource: win7-en-20211014
submitted: 13-11-2021 17:35
Static task
static1
Behavioral task
behavioral1
Sample
0b77d31986f63795fc21ee5550c830b82c03e5fb66614493579272ee257e94b0.dll
Resource
win7-en-20211014
windows7_x64
0 signatures
0 seconds
Behavioral task
behavioral2
Sample
0b77d31986f63795fc21ee5550c830b82c03e5fb66614493579272ee257e94b0.dll
Resource
win10-en-20211104
windows10_x64
0 signatures
0 seconds
General
Target: 0b77d31986f63795fc21ee5550c830b82c03e5fb66614493579272ee257e94b0.dll
Size: 101KB
MD5: 892a3723421b3dad9a8e903b03d8c94d
SHA1: d6bcf2745daa13d971dc67ff38ab696f9d0d4a0f
SHA256: 0b77d31986f63795fc21ee5550c830b82c03e5fb66614493579272ee257e94b0
SHA512: 0d98bd840383704202b77dbc2c36a98e4ae96a00cbe4b6e775872d5ebd6d0ab7fd7521e535b2aabbbbd728970830809da6a5655b8b4bf38d305c224a13aa2d29
Score
1/10
Malware Config
Signatures
Suspicious use of WriteProcessMemory (7 IoCs)
description | pid | Process | procid_target
PID 2044 wrote to memory of 1988 | 2044 | regsvr32.exe | 27
PID 2044 wrote to memory of 1988 | 2044 | regsvr32.exe | 27
PID 2044 wrote to memory of 1988 | 2044 | regsvr32.exe | 27
PID 2044 wrote to memory of 1988 | 2044 | regsvr32.exe | 27
PID 2044 wrote to memory of 1988 | 2044 | regsvr32.exe | 27
PID 2044 wrote to memory of 1988 | 2044 | regsvr32.exe | 27
PID 2044 wrote to memory of 1988 | 2044 | regsvr32.exe | 27
Processes
C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\0b77d31986f63795fc21ee5550c830b82c03e5fb66614493579272ee257e94b0.dll
- Suspicious use of WriteProcessMemory
PID: 2044
C:\Windows\SysWOW64\regsvr32.exe
/s C:\Users\Admin\AppData\Local\Temp\0b77d31986f63795fc21ee5550c830b82c03e5fb66614493579272ee257e94b0.dll
PID: 1988