0a739f4ec3d096010d0cd9fc0c0631f0b080cc2aad1f720fd1883737b6a6a952 | Triage

Analysis

max time kernel
13s
max time network
18s
platform
windows10-2004_x64
resource
win10v2004-en-20220113
submitted
01-02-2022 08:26

Sharing

Report Analysis Logs

General

Target

0a739f4ec3d096010d0cd9fc0c0631f0b080cc2aad1f720fd1883737b6a6a952.dll
Size

693KB
MD5

b7ad5f7ec71dc812b4771950671b192a
SHA1

cf02d630465eaf009db8bcc8a0dd4242a1d2dd82
SHA256

0a739f4ec3d096010d0cd9fc0c0631f0b080cc2aad1f720fd1883737b6a6a952
SHA512

5dd1d8e840b56f35cc06dd826aa335fec131ad202ccbb572c88b4dd4b630a291453df7c0fbfee2229ea7f4d2810a73a752ca8657c505f383974736a5f1f75369

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3432 wrote to memory of 4128	3432	regsvr32.exe	82
PID 3432 wrote to memory of 4128	3432	regsvr32.exe	82
PID 3432 wrote to memory of 4128	3432	regsvr32.exe	82

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\0a739f4ec3d096010d0cd9fc0c0631f0b080cc2aad1f720fd1883737b6a6a952.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:3432
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\0a739f4ec3d096010d0cd9fc0c0631f0b080cc2aad1f720fd1883737b6a6a952.dll
  2⤵
  PID:4128

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4128-130-0x0000000001000000-0x0000000001028000-memory.dmp

Filesize
160KB

Download