Analysis
max time kernel
119s
max time network
119s
platform
windows7_x64
resource
win7-en-20211104
submitted
03-12-2021 12:35
Behavioral task
behavioral1
Sample
tmp/0d3716620264ae87b753d9b89f37b9b44f54a90b5df6dc93a8af9c7d1c23b87d.dll
Resource
win7-en-20211104
0 signatures
0 seconds
Behavioral task
behavioral2
Sample
tmp/0d3716620264ae87b753d9b89f37b9b44f54a90b5df6dc93a8af9c7d1c23b87d.dll
Resource
win10-en-20211014
0 signatures
0 seconds
General
Target
tmp/0d3716620264ae87b753d9b89f37b9b44f54a90b5df6dc93a8af9c7d1c23b87d.dll
Size
56KB
MD5
ef9b294be6e74fe143e7931ace3b5771
SHA1
1b8a2df55437454739f5a2c0a6f027db94b3ab1a
SHA256
0d3716620264ae87b753d9b89f37b9b44f54a90b5df6dc93a8af9c7d1c23b87d
SHA512
0d71afe65df3ff1ff208b98aaf6dcdfca6e525662ac21f5920367415176c5a993e65eed022047d0c4b4af4fcd923f4fd517e9aac96659fbf701c2c0ed062618e
Score
1/10
Malware Config
Signatures
Suspicious use of WriteProcessMemory 7 IoCs
Processes:
regsvr32.exe
description | pid | process | target process
PID 1520 wrote to memory of 744 | 1520 | regsvr32.exe | regsvr32.exe (7 identical rows)
Processes
-
C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\tmp\0d3716620264ae87b753d9b89f37b9b44f54a90b5df6dc93a8af9c7d1c23b87d.dll
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\regsvr32.exe
/s C:\Users\Admin\AppData\Local\Temp\tmp\0d3716620264ae87b753d9b89f37b9b44f54a90b5df6dc93a8af9c7d1c23b87d.dll