Analysis
- max time kernel: 120s
- max time network: 120s
- platform: windows7_x64
- resource: win7-en-20211208
- submitted: 27-12-2021 09:14
Behavioral task: behavioral1
- Sample: tmp/636af8df31c8919739cfe1dfc89b412a2a50b1d19e5becf2f5cd280f7db859ae.exe.dll
- Resource: win7-en-20211208 (windows7_x64)
- 0 signatures
- 0 seconds
Behavioral task: behavioral2
- Sample: tmp/636af8df31c8919739cfe1dfc89b412a2a50b1d19e5becf2f5cd280f7db859ae.exe.dll
- Resource: win10-en-20211208 (windows10_x64)
- 0 signatures
- 0 seconds
General
- Target: tmp/636af8df31c8919739cfe1dfc89b412a2a50b1d19e5becf2f5cd280f7db859ae.exe.dll
- Size: 117KB
- MD5: 847efc3ae1f6445587d06579c2ac0b04
- SHA1: 0788bcf1d47c45531d709282cd4bb362a227f4be
- SHA256: 636af8df31c8919739cfe1dfc89b412a2a50b1d19e5becf2f5cd280f7db859ae
- SHA512: 159fea62f5c8bd75737b21f1c05eb802c1c9294f06cf195778d60b4c6a10ec4e9a418b00c1f6ba71052e850b5baaf0783e837f35177e8f34076dc5fe0c3e8c6f
Score: 1/10
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (7 IoCs)
  Processes: regsvr32.exe
  description | pid | process | target process
  PID 748 wrote to memory of 1176 | 748 | regsvr32.exe | regsvr32.exe
  PID 748 wrote to memory of 1176 | 748 | regsvr32.exe | regsvr32.exe
  PID 748 wrote to memory of 1176 | 748 | regsvr32.exe | regsvr32.exe
  PID 748 wrote to memory of 1176 | 748 | regsvr32.exe | regsvr32.exe
  PID 748 wrote to memory of 1176 | 748 | regsvr32.exe | regsvr32.exe
  PID 748 wrote to memory of 1176 | 748 | regsvr32.exe | regsvr32.exe
  PID 748 wrote to memory of 1176 | 748 | regsvr32.exe | regsvr32.exe
Processes
- C:\Windows\system32\regsvr32.exe
  regsvr32 /s C:\Users\Admin\AppData\Local\Temp\tmp\636af8df31c8919739cfe1dfc89b412a2a50b1d19e5becf2f5cd280f7db859ae.exe.dll
  - Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\regsvr32.exe
    /s C:\Users\Admin\AppData\Local\Temp\tmp\636af8df31c8919739cfe1dfc89b412a2a50b1d19e5becf2f5cd280f7db859ae.exe.dll