afb77617a4ca637614c429440c78da438e190dd1ca24dc78483aa731d80832c2 | Triage

Resubmissions

07-07-2022 11:51

220707-n1m6qahha2 10

31-01-2022 06:31

220131-g95nssgge2 3

Analysis

max time kernel
119s
max time network
140s
platform
windows7_x64
resource
win7-en-20211208
submitted
31-01-2022 06:31

Sharing

Report Analysis Logs

General

Target

afb77617a4ca637614c429440c78da438e190dd1ca24dc78483aa731d80832c2.dll
Size

3.1MB
MD5

7a5324615cbf70bad37c84cefb012e80
SHA1

ebbac85d574144f92e23829bea472f3aa43100fa
SHA256

afb77617a4ca637614c429440c78da438e190dd1ca24dc78483aa731d80832c2
SHA512

2f715f203eae83c448e81c4cbd283638cf5c080dbb607c67a1545e417b4066c8fc23990409e500aa82c77630198d9069a7da45be90f055dd3f46c3be1a4ed2c1

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 752 wrote to memory of 1812	752	regsvr32.exe	27
PID 752 wrote to memory of 1812	752	regsvr32.exe	27
PID 752 wrote to memory of 1812	752	regsvr32.exe	27
PID 752 wrote to memory of 1812	752	regsvr32.exe	27
PID 752 wrote to memory of 1812	752	regsvr32.exe	27
PID 752 wrote to memory of 1812	752	regsvr32.exe	27
PID 752 wrote to memory of 1812	752	regsvr32.exe	27

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\afb77617a4ca637614c429440c78da438e190dd1ca24dc78483aa731d80832c2.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:752
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\afb77617a4ca637614c429440c78da438e190dd1ca24dc78483aa731d80832c2.dll
  2⤵
  PID:1812

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/752-54-0x000007FEFC0E1000-0x000007FEFC0E3000-memory.dmp

Filesize
8KB

Download
memory/1812-55-0x0000000075531000-0x0000000075533000-memory.dmp

Filesize
8KB

Download