Analysis
- max time kernel: 117s
- max time network: 117s
- platform: windows7_x64
- resource: win7-en-20211208
- submitted: 13-12-2021 06:52
Behavioral task: behavioral1
- Sample: tmp/ddf9db5e2eb896bdba343cc26a8b82b18d8b5540f24ab1aed3495f4db4152050.exe.dll
- Resource: win7-en-20211208, windows7_x64
- 0 signatures
- 0 seconds
Behavioral task: behavioral2
- Sample: tmp/ddf9db5e2eb896bdba343cc26a8b82b18d8b5540f24ab1aed3495f4db4152050.exe.dll
- Resource: win10-en-20211208, windows10_x64
- 0 signatures
- 0 seconds
General
- Target: tmp/ddf9db5e2eb896bdba343cc26a8b82b18d8b5540f24ab1aed3495f4db4152050.exe.dll
- Size: 52KB
- MD5: 0fd58bc7bddb0339f8ac4f200aa26652
- SHA1: 7335f8bc97329b67f00f05aefbac15fed2a1511b
- SHA256: ddf9db5e2eb896bdba343cc26a8b82b18d8b5540f24ab1aed3495f4db4152050
- SHA512: 9bdc7ccbdc77f39beb397c11184124f277308dd5a8a31df4156547c99cc86626c75db6b37dc45faa75951c25ef2e9af4b84497d8c0fcce9c634d87d282e9172b
Score: 1/10
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (7 IoCs)
Processes: regsvr32.exe
description | pid | process | target process
PID 972 wrote to memory of 1744 | 972 | regsvr32.exe | regsvr32.exe
PID 972 wrote to memory of 1744 | 972 | regsvr32.exe | regsvr32.exe
PID 972 wrote to memory of 1744 | 972 | regsvr32.exe | regsvr32.exe
PID 972 wrote to memory of 1744 | 972 | regsvr32.exe | regsvr32.exe
PID 972 wrote to memory of 1744 | 972 | regsvr32.exe | regsvr32.exe
PID 972 wrote to memory of 1744 | 972 | regsvr32.exe | regsvr32.exe
PID 972 wrote to memory of 1744 | 972 | regsvr32.exe | regsvr32.exe
Processes
- C:\Windows\system32\regsvr32.exe
  regsvr32 /s C:\Users\Admin\AppData\Local\Temp\tmp\ddf9db5e2eb896bdba343cc26a8b82b18d8b5540f24ab1aed3495f4db4152050.exe.dll
  - Suspicious use of WriteProcessMemory
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\tmp\ddf9db5e2eb896bdba343cc26a8b82b18d8b5540f24ab1aed3495f4db4152050.exe.dll