0f636ca98aab74539b06036f03e10f69d658803a3f180b8f5897e972aa626102 | Triage

Analysis

max time kernel
117s
max time network
127s
platform
windows7_x64
resource
win7-en-20211208
submitted
01-02-2022 10:55

Sharing

Report Analysis Logs

General

Target

0f636ca98aab74539b06036f03e10f69d658803a3f180b8f5897e972aa626102.dll
Size

109KB
MD5

d04d2a5f304cc7a6c3583e65c4cefead
SHA1

b58c136b8ca58a4f3dbfd72154756dfd041d1315
SHA256

0f636ca98aab74539b06036f03e10f69d658803a3f180b8f5897e972aa626102
SHA512

62f0f2939235e4fac5c9af7ba3d686837b305714026d802a07cd6a5ce0d97f83042b5c006232dac19d4eebb7e6c8007c1ad6bb12b8d10d1ad42f2906a21d08dc

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

regsvr32.exe

description	pid	process	target process
PID 1396 wrote to memory of 804	1396	regsvr32.exe	regsvr32.exe
PID 1396 wrote to memory of 804	1396	regsvr32.exe	regsvr32.exe
PID 1396 wrote to memory of 804	1396	regsvr32.exe	regsvr32.exe
PID 1396 wrote to memory of 804	1396	regsvr32.exe	regsvr32.exe
PID 1396 wrote to memory of 804	1396	regsvr32.exe	regsvr32.exe
PID 1396 wrote to memory of 804	1396	regsvr32.exe	regsvr32.exe
PID 1396 wrote to memory of 804	1396	regsvr32.exe	regsvr32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\0f636ca98aab74539b06036f03e10f69d658803a3f180b8f5897e972aa626102.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:1396

C:\Windows\SysWOW64\regsvr32.exe
/s C:\Users\Admin\AppData\Local\Temp\0f636ca98aab74539b06036f03e10f69d658803a3f180b8f5897e972aa626102.dll
2⤵
PID:804

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/804-56-0x0000000075AC1000-0x0000000075AC3000-memory.dmp

Filesize
8KB

Download
memory/1396-55-0x000007FEFB731000-0x000007FEFB733000-memory.dmp

Filesize
8KB

Download