cea50794ea004c7f24bdf28c66c8609e5f1e60a69ddfab1e3c979712732d1890 | Triage

Analysis

max time kernel
138s
max time network
144s
platform
windows10_x64
resource
win10-en-20211014
submitted
13-11-2021 17:36

Sharing

Report Analysis Logs

General

Target

cea50794ea004c7f24bdf28c66c8609e5f1e60a69ddfab1e3c979712732d1890.dll
Size

76KB
MD5

16b78cc4367658f585d6b55122dbff57
SHA1

4757aef37a76207c434d07b11559f221fcebca50
SHA256

cea50794ea004c7f24bdf28c66c8609e5f1e60a69ddfab1e3c979712732d1890
SHA512

6f2e2fac3dbd9ed16fc6dc3f411212390878a09d427c3f03511420a5fbe33cf13b4a1cd796c70ed8f94ea3c88c8e9dd5a56c79de8e061c248e799365e90c54eb

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 768 wrote to memory of 816	768	regsvr32.exe	68
PID 768 wrote to memory of 816	768	regsvr32.exe	68
PID 768 wrote to memory of 816	768	regsvr32.exe	68

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\cea50794ea004c7f24bdf28c66c8609e5f1e60a69ddfab1e3c979712732d1890.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:768
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\cea50794ea004c7f24bdf28c66c8609e5f1e60a69ddfab1e3c979712732d1890.dll
  2⤵
  PID:816

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads