Analysis
max time kernel: 144s
max time network: 160s
platform: windows10_x64
resource: win10-en-20211104
submitted: 13-11-2021 17:36
Static task
static1
Behavioral task
behavioral1
Sample
d6caf64597bd5e0803f7d0034e73195e83dae370450a2e890b82f77856830167.dll
Resource
win7-en-20211014
windows7_x64
0 signatures
0 seconds
Behavioral task
behavioral2
Sample
d6caf64597bd5e0803f7d0034e73195e83dae370450a2e890b82f77856830167.dll
Resource
win10-en-20211104
windows10_x64
0 signatures
0 seconds
General
Target: d6caf64597bd5e0803f7d0034e73195e83dae370450a2e890b82f77856830167.dll
Size: 76KB
MD5: e8ae3940c30296d494e534e0379f15d6
SHA1: 3bcb5e7bc9c317c3c067f36d7684a419da79506c
SHA256: d6caf64597bd5e0803f7d0034e73195e83dae370450a2e890b82f77856830167
SHA512: d07b8e684fc1c7a103b64b46d777091bb79103448e91f862c12f0080435feff1c9e907472b7fd4e236ff0b0a8e90dbbaaac202e2238f95578fed1ff6f5247386
Score: 1/10
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (3 IoCs)
  description | pid | Process | procid_target
  PID 3912 wrote to memory of 3628 | 3912 | regsvr32.exe | 68
  PID 3912 wrote to memory of 3628 | 3912 | regsvr32.exe | 68
  PID 3912 wrote to memory of 3628 | 3912 | regsvr32.exe | 68
Processes
- C:\Windows\system32\regsvr32.exe
  regsvr32 /s C:\Users\Admin\AppData\Local\Temp\d6caf64597bd5e0803f7d0034e73195e83dae370450a2e890b82f77856830167.dll
  - Suspicious use of WriteProcessMemory
  PID: 3912
  - C:\Windows\SysWOW64\regsvr32.exe
    /s C:\Users\Admin\AppData\Local\Temp\d6caf64597bd5e0803f7d0034e73195e83dae370450a2e890b82f77856830167.dll
    PID: 3628