0d3716620264ae87b753d9b89f37b9b44f54a90b5df6dc93a8af9c7d1c23b87d | Triage

Analysis

max time kernel
110s
max time network
122s
platform
windows10_x64
resource
win10-en-20211014
submitted
03-12-2021 12:35

Sharing

Report Analysis Logs

General

Target

tmp/0d3716620264ae87b753d9b89f37b9b44f54a90b5df6dc93a8af9c7d1c23b87d.dll
Size

56KB
MD5

ef9b294be6e74fe143e7931ace3b5771
SHA1

1b8a2df55437454739f5a2c0a6f027db94b3ab1a
SHA256

0d3716620264ae87b753d9b89f37b9b44f54a90b5df6dc93a8af9c7d1c23b87d
SHA512

0d71afe65df3ff1ff208b98aaf6dcdfca6e525662ac21f5920367415176c5a993e65eed022047d0c4b4af4fcd923f4fd517e9aac96659fbf701c2c0ed062618e

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

regsvr32.exe

description	pid	process	target process
PID 3792 wrote to memory of 3404	3792	regsvr32.exe	regsvr32.exe
PID 3792 wrote to memory of 3404	3792	regsvr32.exe	regsvr32.exe
PID 3792 wrote to memory of 3404	3792	regsvr32.exe	regsvr32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\tmp\0d3716620264ae87b753d9b89f37b9b44f54a90b5df6dc93a8af9c7d1c23b87d.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:3792

C:\Windows\SysWOW64\regsvr32.exe
/s C:\Users\Admin\AppData\Local\Temp\tmp\0d3716620264ae87b753d9b89f37b9b44f54a90b5df6dc93a8af9c7d1c23b87d.dll
2⤵
PID:3404

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3404-115-0x0000000000000000-mapping.dmp

Download
memory/3404-116-0x00000000005D1000-0x00000000005D3000-memory.dmp

Filesize
8KB

Download