Analysis
max time kernel
122s
max time network
122s
platform
windows7_x64
resource
win7-en-20211104
submitted
13-11-2021 17:35
Static task
static1
Behavioral task
behavioral1
Sample
156484ea4614553e22e5356ae521eefb5e90f788090b35c3b388730a80518596.dll
Resource
win7-en-20211104
windows7_x64
0 signatures
0 seconds
Behavioral task
behavioral2
Sample
156484ea4614553e22e5356ae521eefb5e90f788090b35c3b388730a80518596.dll
Resource
win10-en-20211014
windows10_x64
0 signatures
0 seconds
General
Target
156484ea4614553e22e5356ae521eefb5e90f788090b35c3b388730a80518596.dll
Size
50KB
MD5
4c2acbbf873ad268a5ffd94bf824fc5e
SHA1
95b57dd24f794e4f486441cd786e4174101ba440
SHA256
156484ea4614553e22e5356ae521eefb5e90f788090b35c3b388730a80518596
SHA512
fdd12c6dd723eadd24f824143f05480fea7f50c127d8117dd50bf83695d3374ace225f804df7ae592e671d059ac24d21ce6a4e20fa86de64b006f71283b61288
Score
1/10
Malware Config
Signatures
Suspicious use of WriteProcessMemory 7 IoCs
description                        pid    Process        procid_target
PID 1576 wrote to memory of 768    1576   regsvr32.exe   28
PID 1576 wrote to memory of 768    1576   regsvr32.exe   28
PID 1576 wrote to memory of 768    1576   regsvr32.exe   28
PID 1576 wrote to memory of 768    1576   regsvr32.exe   28
PID 1576 wrote to memory of 768    1576   regsvr32.exe   28
PID 1576 wrote to memory of 768    1576   regsvr32.exe   28
PID 1576 wrote to memory of 768    1576   regsvr32.exe   28
Processes
C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\156484ea4614553e22e5356ae521eefb5e90f788090b35c3b388730a80518596.dll
Suspicious use of WriteProcessMemory
PID:1576
  C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\156484ea4614553e22e5356ae521eefb5e90f788090b35c3b388730a80518596.dll
  PID:768