b6149807f9c7c1c84009208e0b25d1b00945150fe5de42a828870973194459cb | Triage

Analysis

max time kernel
117s
max time network
131s
platform
windows7_x64
resource
win7-en-20211104
submitted
13-11-2021 17:36

Sharing

Report Analysis Logs

General

Target

b6149807f9c7c1c84009208e0b25d1b00945150fe5de42a828870973194459cb.dll
Size

50KB
MD5

904d5e65ee31852db764d1b0bb92e1b1
SHA1

b58e65a8385ee5fab36a4913033b67e6d9dae83d
SHA256

b6149807f9c7c1c84009208e0b25d1b00945150fe5de42a828870973194459cb
SHA512

f2bd6fa02c7a4a7dbc936ad861a4f4cc8b99ee77434ff459b8718fcf918cda57881a5d19496af4ced2cacaad76229e0fd8efc0ef413428fdad8d3fcb83e104e2

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 696 wrote to memory of 292	696	regsvr32.exe	28
PID 696 wrote to memory of 292	696	regsvr32.exe	28
PID 696 wrote to memory of 292	696	regsvr32.exe	28
PID 696 wrote to memory of 292	696	regsvr32.exe	28
PID 696 wrote to memory of 292	696	regsvr32.exe	28
PID 696 wrote to memory of 292	696	regsvr32.exe	28
PID 696 wrote to memory of 292	696	regsvr32.exe	28

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\b6149807f9c7c1c84009208e0b25d1b00945150fe5de42a828870973194459cb.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:696
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\b6149807f9c7c1c84009208e0b25d1b00945150fe5de42a828870973194459cb.dll
  2⤵
  PID:292

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/292-57-0x0000000076351000-0x0000000076353000-memory.dmp

Filesize
8KB

Download
memory/696-55-0x000007FEFBBE1000-0x000007FEFBBE3000-memory.dmp

Filesize
8KB

Download