08ecc70978defbe45ef1cc45aae6a9172e28dee52fbe5939606ca47a4ffc52f5 | Triage

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-en-20211208
submitted
30-01-2022 16:36

Sharing

Report Analysis Logs

General

Target

08ecc70978defbe45ef1cc45aae6a9172e28dee52fbe5939606ca47a4ffc52f5.dll
Size

377KB
MD5

6f935cbdde0e200b515b6ac8f1d966fb
SHA1

9053b7516fb5d585c7850d47ccc983fc275d573d
SHA256

08ecc70978defbe45ef1cc45aae6a9172e28dee52fbe5939606ca47a4ffc52f5
SHA512

7ec5a9175bffac6dd8581fb255db90f5c1479041ff4280221c3f46caec74ac2f110b72ebebdb61d5185b41a4aa143578c23e54f5122b8147a9e8253504d8890e

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1036 wrote to memory of 1920	1036	regsvr32.exe	27
PID 1036 wrote to memory of 1920	1036	regsvr32.exe	27
PID 1036 wrote to memory of 1920	1036	regsvr32.exe	27
PID 1036 wrote to memory of 1920	1036	regsvr32.exe	27
PID 1036 wrote to memory of 1920	1036	regsvr32.exe	27
PID 1036 wrote to memory of 1920	1036	regsvr32.exe	27
PID 1036 wrote to memory of 1920	1036	regsvr32.exe	27

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\08ecc70978defbe45ef1cc45aae6a9172e28dee52fbe5939606ca47a4ffc52f5.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:1036
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\08ecc70978defbe45ef1cc45aae6a9172e28dee52fbe5939606ca47a4ffc52f5.dll
  2⤵
  PID:1920

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1036-54-0x000007FEFC0E1000-0x000007FEFC0E3000-memory.dmp

Filesize
8KB

Download
memory/1920-55-0x0000000075531000-0x0000000075533000-memory.dmp

Filesize
8KB

Download
memory/1920-56-0x0000000000130000-0x0000000000131000-memory.dmp

Filesize
4KB

Download