e497e2f29843f17804a75e34c8c8c131e89d4ae1591c798be30103b52c037d97 | Triage

Analysis

max time kernel
119s
max time network
155s
platform
windows10_x64
resource
win10-en-20211014
submitted
13-11-2021 17:36

Sharing

Report Analysis Logs

General

Target

e497e2f29843f17804a75e34c8c8c131e89d4ae1591c798be30103b52c037d97.dll
Size

67KB
MD5

9ac4024f2e1a30c015387be265ad10a5
SHA1

0650427091df382d20db9e37cccff11d9ccbb23b
SHA256

e497e2f29843f17804a75e34c8c8c131e89d4ae1591c798be30103b52c037d97
SHA512

8b77f89411300963b5400dd140f5f654c11e36709caa1485aebc82fe5134572514ceb47d3186e9891ebfd627335be1f40f2cda94035eab0f81dfa3ee7309e7a8

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3592 wrote to memory of 3684	3592	regsvr32.exe	68
PID 3592 wrote to memory of 3684	3592	regsvr32.exe	68
PID 3592 wrote to memory of 3684	3592	regsvr32.exe	68

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\e497e2f29843f17804a75e34c8c8c131e89d4ae1591c798be30103b52c037d97.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:3592
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\e497e2f29843f17804a75e34c8c8c131e89d4ae1591c798be30103b52c037d97.dll
  2⤵
  PID:3684

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads