8a489479c598806582f3186476614362a4b6b61ef8ead38ebb59781a36efef76 | Triage

Analysis

max time kernel
118s
max time network
132s
platform
windows7_x64
resource
win7-en-20211208
submitted
01-02-2022 09:53

Sharing

Report Analysis Logs

General

Target

8a489479c598806582f3186476614362a4b6b61ef8ead38ebb59781a36efef76.dll
Size

38KB
MD5

4a1ab739ba73ebc4c56f255b8d3393ae
SHA1

f5b3844af2bc9bb5584acc86192cf863a51162a1
SHA256

8a489479c598806582f3186476614362a4b6b61ef8ead38ebb59781a36efef76
SHA512

cf7037c0c5d48bdab465dd7be8b635e2d656f409aead1fad9d749190827022cb2f2867ed676c4e21a55125050c291876ecedab7fe2187a2ea737a6a03212ce16

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

regsvr32.exe

description	pid	process	target process
PID 1740 wrote to memory of 1520	1740	regsvr32.exe	regsvr32.exe
PID 1740 wrote to memory of 1520	1740	regsvr32.exe	regsvr32.exe
PID 1740 wrote to memory of 1520	1740	regsvr32.exe	regsvr32.exe
PID 1740 wrote to memory of 1520	1740	regsvr32.exe	regsvr32.exe
PID 1740 wrote to memory of 1520	1740	regsvr32.exe	regsvr32.exe
PID 1740 wrote to memory of 1520	1740	regsvr32.exe	regsvr32.exe
PID 1740 wrote to memory of 1520	1740	regsvr32.exe	regsvr32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\8a489479c598806582f3186476614362a4b6b61ef8ead38ebb59781a36efef76.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:1740

C:\Windows\SysWOW64\regsvr32.exe
/s C:\Users\Admin\AppData\Local\Temp\8a489479c598806582f3186476614362a4b6b61ef8ead38ebb59781a36efef76.dll
2⤵
PID:1520

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1520-55-0x00000000766D1000-0x00000000766D3000-memory.dmp

Filesize
8KB

Download
memory/1740-54-0x000007FEFC3C1000-0x000007FEFC3C3000-memory.dmp

Filesize
8KB

Download