67eaada8a12b536d407706e21e7f5b38ccc29d62e40dd66bbf2b2902df0169f0 | Triage

Analysis

max time kernel
119s
max time network
121s
platform
windows7_x64
resource
win7-en-20211104
submitted
30-11-2021 13:57

Sharing

Report Analysis Logs

General

Target

6.bin.dll
Size

138KB
MD5

e7b4153cc22f46f87835b6d59d6905e4
SHA1

ca6f9879c802bf96697354b01c61e5a98b769275
SHA256

67eaada8a12b536d407706e21e7f5b38ccc29d62e40dd66bbf2b2902df0169f0
SHA512

e8e6de8e3ccdd5de96747938fea18294c428794a11e77b96a494be1e54c2641f26a995733e6e307eece9c7635c7b70a329527d01a86134ac1095b696c8a19012

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

regsvr32.exe

description	pid	process	target process
PID 1936 wrote to memory of 792	1936	regsvr32.exe	regsvr32.exe
PID 1936 wrote to memory of 792	1936	regsvr32.exe	regsvr32.exe
PID 1936 wrote to memory of 792	1936	regsvr32.exe	regsvr32.exe
PID 1936 wrote to memory of 792	1936	regsvr32.exe	regsvr32.exe
PID 1936 wrote to memory of 792	1936	regsvr32.exe	regsvr32.exe
PID 1936 wrote to memory of 792	1936	regsvr32.exe	regsvr32.exe
PID 1936 wrote to memory of 792	1936	regsvr32.exe	regsvr32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\6.bin.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:1936

C:\Windows\SysWOW64\regsvr32.exe
/s C:\Users\Admin\AppData\Local\Temp\6.bin.dll
2⤵
PID:792

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/792-56-0x0000000000000000-mapping.dmp

Download
memory/792-57-0x0000000075A01000-0x0000000075A03000-memory.dmp

Filesize
8KB

Download
memory/792-58-0x0000000000180000-0x0000000000200000-memory.dmp

Filesize
512KB

Download
memory/1936-55-0x000007FEFBF21000-0x000007FEFBF23000-memory.dmp

Filesize
8KB

Download