cc35beb3f7b5fd6a38b1775f110f9ab527c90f3cf6e76b02e074dc2954955a4c | Triage

Analysis

max time kernel
119s
max time network
119s
platform
windows7_x64
resource
win7-en-20211208
submitted
01-02-2022 09:14

Sharing

Report Analysis Logs

General

Target

cc35beb3f7b5fd6a38b1775f110f9ab527c90f3cf6e76b02e074dc2954955a4c.dll
Size

64KB
MD5

6b645497a72175e510164553e888443b
SHA1

55c6c5b81b35713fd833cc934b9be80d378d67b7
SHA256

cc35beb3f7b5fd6a38b1775f110f9ab527c90f3cf6e76b02e074dc2954955a4c
SHA512

896b39ebfc5f21f3762292fdebd264ffad05ecad023d0b24c243d54f358be43abbf97eb2c2ceddaaa5b41a1e7da1218fdb2a4d44accd25fc66151d730c74a54d

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

regsvr32.exe

description	pid	process	target process
PID 1268 wrote to memory of 1672	1268	regsvr32.exe	regsvr32.exe
PID 1268 wrote to memory of 1672	1268	regsvr32.exe	regsvr32.exe
PID 1268 wrote to memory of 1672	1268	regsvr32.exe	regsvr32.exe
PID 1268 wrote to memory of 1672	1268	regsvr32.exe	regsvr32.exe
PID 1268 wrote to memory of 1672	1268	regsvr32.exe	regsvr32.exe
PID 1268 wrote to memory of 1672	1268	regsvr32.exe	regsvr32.exe
PID 1268 wrote to memory of 1672	1268	regsvr32.exe	regsvr32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\cc35beb3f7b5fd6a38b1775f110f9ab527c90f3cf6e76b02e074dc2954955a4c.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:1268

C:\Windows\SysWOW64\regsvr32.exe
/s C:\Users\Admin\AppData\Local\Temp\cc35beb3f7b5fd6a38b1775f110f9ab527c90f3cf6e76b02e074dc2954955a4c.dll
2⤵
PID:1672

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1268-55-0x000007FEFBCB1000-0x000007FEFBCB3000-memory.dmp

Filesize
8KB

Download
memory/1672-56-0x0000000075F81000-0x0000000075F83000-memory.dmp

Filesize
8KB

Download