a4e3b205523d28cb8482729675d70e1cf88d81f0081825fecf86274b07ea1578 | Triage

Analysis

max time kernel
122s
max time network
122s
platform
windows7_x64
resource
win7-en-20211208
submitted
01-02-2022 09:34

Sharing

Report Analysis Logs

General

Target

a4e3b205523d28cb8482729675d70e1cf88d81f0081825fecf86274b07ea1578.dll
Size

42KB
MD5

8228ee6b537209f37b61def0fed70896
SHA1

5eebb557b3597a55d0637b9facc64188ec302b42
SHA256

a4e3b205523d28cb8482729675d70e1cf88d81f0081825fecf86274b07ea1578
SHA512

adcc34a7f5676cabf3708f035c401ee48ba46fe3494036db9e2a74af84b273a260b0cc4f21b38f3ed4a0e849c5116fdaf6dd4a0f1003d028782ef9df343c9a77

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1600 wrote to memory of 2036	1600	regsvr32.exe	27
PID 1600 wrote to memory of 2036	1600	regsvr32.exe	27
PID 1600 wrote to memory of 2036	1600	regsvr32.exe	27
PID 1600 wrote to memory of 2036	1600	regsvr32.exe	27
PID 1600 wrote to memory of 2036	1600	regsvr32.exe	27
PID 1600 wrote to memory of 2036	1600	regsvr32.exe	27
PID 1600 wrote to memory of 2036	1600	regsvr32.exe	27

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\a4e3b205523d28cb8482729675d70e1cf88d81f0081825fecf86274b07ea1578.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:1600
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\a4e3b205523d28cb8482729675d70e1cf88d81f0081825fecf86274b07ea1578.dll
  2⤵
  PID:2036

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1600-54-0x000007FEFC261000-0x000007FEFC263000-memory.dmp

Filesize
8KB

Download
memory/2036-55-0x0000000075CE1000-0x0000000075CE3000-memory.dmp

Filesize
8KB

Download