e7e97177d7159e116844fcb14bb8bf16f217f24cab1d9dd7fe8a5450c38873c0 | Triage

Analysis

max time kernel
119s
max time network
125s
platform
windows10_x64
resource
win10-en-20211208
submitted
15-01-2022 01:10

Sharing

Report Analysis Logs

General

Target

e7e97177d7159e116844fcb14bb8bf16f217f24cab1d9dd7fe8a5450c38873c0.dll
Size

574KB
MD5

ce50251eb7b9090e3ea1746da74bcc33
SHA1

7cb0983f9e2a3b579a7911ba4a61323029ef87da
SHA256

e7e97177d7159e116844fcb14bb8bf16f217f24cab1d9dd7fe8a5450c38873c0
SHA512

55198a433dc5491c33cbcdfc7648105a660680a492ffb57ad61973f5f551ce3e5828c7d99891e3ddc2b6b07231ecd343d2b99b8b392fb7bd899a9bdb72cd33c3

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 6 IoCs

Processes:

regsvr32.exeregsvr32.exe

description	pid	process	target process
PID 2668 wrote to memory of 2672	2668	regsvr32.exe	regsvr32.exe
PID 2668 wrote to memory of 2672	2668	regsvr32.exe	regsvr32.exe
PID 2668 wrote to memory of 2672	2668	regsvr32.exe	regsvr32.exe
PID 2672 wrote to memory of 3956	2672	regsvr32.exe	rundll32.exe
PID 2672 wrote to memory of 3956	2672	regsvr32.exe	rundll32.exe
PID 2672 wrote to memory of 3956	2672	regsvr32.exe	rundll32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\e7e97177d7159e116844fcb14bb8bf16f217f24cab1d9dd7fe8a5450c38873c0.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2668

C:\Windows\SysWOW64\regsvr32.exe
/s C:\Users\Admin\AppData\Local\Temp\e7e97177d7159e116844fcb14bb8bf16f217f24cab1d9dd7fe8a5450c38873c0.dll
2⤵
- Suspicious use of WriteProcessMemory
PID:2672

C:\Windows\SysWOW64\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe "C:\Users\Admin\AppData\Local\Temp\e7e97177d7159e116844fcb14bb8bf16f217f24cab1d9dd7fe8a5450c38873c0.dll",DllRegisterServer
3⤵
PID:3956

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2672-115-0x0000000000000000-mapping.dmp

Download
memory/2672-117-0x0000000002655000-0x0000000002656000-memory.dmp

Filesize
4KB

Download
memory/2672-116-0x0000000002631000-0x0000000002655000-memory.dmp

Filesize
144KB

Download
memory/3956-118-0x0000000000000000-mapping.dmp

Download