a92a643ad0d5cefd4d922720e9a24570c54168143da0da2447edbddd7e1e233f | Triage

Analysis

max time kernel
122s
max time network
122s
platform
windows7_x64
resource
win7-en-20211208
submitted
21-01-2022 23:21

Sharing

Report Analysis Logs

General

Target

a92a643ad0d5cefd4d922720e9a24570c54168143da0da2447edbddd7e1e233f.dll
Size

391KB
MD5

61706b402aea755ea6588f3794637fe9
SHA1

0c3ec40e7d05066caa54bd76ca155ce1d04fdf81
SHA256

a92a643ad0d5cefd4d922720e9a24570c54168143da0da2447edbddd7e1e233f
SHA512

3b74f25fff5e8ff244593383f0b073e8f3d3600b5600f887fb5210961c5c4dc4965368b3079e5d5bb30dd3cac1d42acbbf733f8e63a3f9c3c979f7704309dab8

Score

4^/10

Malware Config

Signatures

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\	regsvr32.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 952 wrote to memory of 1864	952	regsvr32.exe	27
PID 952 wrote to memory of 1864	952	regsvr32.exe	27
PID 952 wrote to memory of 1864	952	regsvr32.exe	27
PID 952 wrote to memory of 1864	952	regsvr32.exe	27
PID 952 wrote to memory of 1864	952	regsvr32.exe	27
PID 952 wrote to memory of 1864	952	regsvr32.exe	27
PID 952 wrote to memory of 1864	952	regsvr32.exe	27

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\a92a643ad0d5cefd4d922720e9a24570c54168143da0da2447edbddd7e1e233f.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:952
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\a92a643ad0d5cefd4d922720e9a24570c54168143da0da2447edbddd7e1e233f.dll
  2⤵
  - Drops file in Windows directory
  PID:1864

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/952-53-0x000007FEFB8C1000-0x000007FEFB8C3000-memory.dmp

Filesize
8KB

Download
memory/1864-54-0x0000000076041000-0x0000000076043000-memory.dmp

Filesize
8KB

Download
memory/1864-55-0x0000000000130000-0x0000000000131000-memory.dmp

Filesize
4KB

Download