f25c0d7f5ec9964ac43ac3ca391e61589fdcf512d88343020cc4fd68193fe88f | Triage

Analysis

max time kernel
117s
max time network
117s
platform
windows7_x64
resource
win7-en-20211104
submitted
13/11/2021, 17:36

Sharing

Report Analysis Logs

General

Target

f25c0d7f5ec9964ac43ac3ca391e61589fdcf512d88343020cc4fd68193fe88f.dll
Size

76KB
MD5

9b093230e1ca92da741a8c49870ac254
SHA1

ce109da2be526bced47e91e12d79e9d2dd3faccb
SHA256

f25c0d7f5ec9964ac43ac3ca391e61589fdcf512d88343020cc4fd68193fe88f
SHA512

0d0233e931677c7fd63099a4ce0df89602f522305f5570734adf347a7b563d4ea7cb1c8b4de0ee6d3a00c5b7b9f34b8ee419651a31482b9ebe1cfcacdcb266e1

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 588 wrote to memory of 472	588	regsvr32.exe	28
PID 588 wrote to memory of 472	588	regsvr32.exe	28
PID 588 wrote to memory of 472	588	regsvr32.exe	28
PID 588 wrote to memory of 472	588	regsvr32.exe	28
PID 588 wrote to memory of 472	588	regsvr32.exe	28
PID 588 wrote to memory of 472	588	regsvr32.exe	28
PID 588 wrote to memory of 472	588	regsvr32.exe	28

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\f25c0d7f5ec9964ac43ac3ca391e61589fdcf512d88343020cc4fd68193fe88f.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:588
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\f25c0d7f5ec9964ac43ac3ca391e61589fdcf512d88343020cc4fd68193fe88f.dll
  2⤵
  PID:472

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/472-57-0x0000000075E51000-0x0000000075E53000-memory.dmp

Filesize
8KB

Download
memory/588-55-0x000007FEFC4D1000-0x000007FEFC4D3000-memory.dmp

Filesize
8KB

Download