Analysis
max time kernel: 121s
max time network: 129s
platform: windows7_x64
resource: win7-en-20211208
submitted: 21-01-2022 23:05
Static task: static1
Behavioral task: behavioral1
Sample: d547358d7506e4985ccbf497c58ca5a1767b38e35913521ebd50928f896f7ac7.dll
Resource: win7-en-20211208, windows7_x64
0 signatures, 0 seconds
Behavioral task: behavioral2
Sample: d547358d7506e4985ccbf497c58ca5a1767b38e35913521ebd50928f896f7ac7.dll
Resource: win10-en-20211208, windows10_x64
0 signatures, 0 seconds
General
Target: d547358d7506e4985ccbf497c58ca5a1767b38e35913521ebd50928f896f7ac7.dll
Size: 360KB
MD5: 5e840e5cc4167379d7efd5b85fd31e43
SHA1: 5245f1fe2a99267891a50593539929d02414c421
SHA256: d547358d7506e4985ccbf497c58ca5a1767b38e35913521ebd50928f896f7ac7
SHA512: bd66cc24b3ded27cb333f5908be365f55423c3898636c4fffd3fcbf53a8471c8e84773d13fe71d1cfb210ec3552684fa94a8d169e05a07af3f4339b65581a345
Score: 1/10
Malware Config
Signatures
Suspicious use of WriteProcessMemory (7 IoCs)
description | pid | Process | procid_target
PID 1700 wrote to memory of 836 | 1700 | regsvr32.exe | 27
PID 1700 wrote to memory of 836 | 1700 | regsvr32.exe | 27
PID 1700 wrote to memory of 836 | 1700 | regsvr32.exe | 27
PID 1700 wrote to memory of 836 | 1700 | regsvr32.exe | 27
PID 1700 wrote to memory of 836 | 1700 | regsvr32.exe | 27
PID 1700 wrote to memory of 836 | 1700 | regsvr32.exe | 27
PID 1700 wrote to memory of 836 | 1700 | regsvr32.exe | 27
Processes
C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\d547358d7506e4985ccbf497c58ca5a1767b38e35913521ebd50928f896f7ac7.dll
- Suspicious use of WriteProcessMemory
PID: 1700
  C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\d547358d7506e4985ccbf497c58ca5a1767b38e35913521ebd50928f896f7ac7.dll
  PID: 836