a98563af81949a6f5268994c523cad9c7ef028418e4fc84d446a021382e6e14c | Triage

Analysis

max time kernel
120s
max time network
120s
platform
windows7_x64
resource
win7-en-20211208
submitted
01-02-2022 09:32

Sharing

Report Analysis Logs

General

Target

a98563af81949a6f5268994c523cad9c7ef028418e4fc84d446a021382e6e14c.dll
Size

42KB
MD5

cdf3bdc294b699f25b8d6ff8c1a2171e
SHA1

bd28cb6aa90934cbaf6fd52c68271c4f4fffbb60
SHA256

a98563af81949a6f5268994c523cad9c7ef028418e4fc84d446a021382e6e14c
SHA512

2056e26fa5a4cb6325f6d06ac4ad00289ad7d97610621369fea194a7ba204489120b319a8dac04f1c7674a75758d8076e4b42308aa9c5c5153e4a200d72a86ee

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

regsvr32.exe

description	pid	process	target process
PID 1592 wrote to memory of 1448	1592	regsvr32.exe	regsvr32.exe
PID 1592 wrote to memory of 1448	1592	regsvr32.exe	regsvr32.exe
PID 1592 wrote to memory of 1448	1592	regsvr32.exe	regsvr32.exe
PID 1592 wrote to memory of 1448	1592	regsvr32.exe	regsvr32.exe
PID 1592 wrote to memory of 1448	1592	regsvr32.exe	regsvr32.exe
PID 1592 wrote to memory of 1448	1592	regsvr32.exe	regsvr32.exe
PID 1592 wrote to memory of 1448	1592	regsvr32.exe	regsvr32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\a98563af81949a6f5268994c523cad9c7ef028418e4fc84d446a021382e6e14c.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:1592

C:\Windows\SysWOW64\regsvr32.exe
/s C:\Users\Admin\AppData\Local\Temp\a98563af81949a6f5268994c523cad9c7ef028418e4fc84d446a021382e6e14c.dll
2⤵
PID:1448

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1448-55-0x0000000076421000-0x0000000076423000-memory.dmp

Filesize
8KB

Download
memory/1592-54-0x000007FEFBAE1000-0x000007FEFBAE3000-memory.dmp

Filesize
8KB

Download