62ba0fc2c6b17854c89aec29308f3df5db06f2e40f807584f48e7d3a9c0394dc | Triage

Analysis

max time kernel
117s
max time network
124s
platform
windows7_x64
resource
win7-en-20211208
submitted
01-02-2022 10:15

Sharing

Report Analysis Logs

General

Target

62ba0fc2c6b17854c89aec29308f3df5db06f2e40f807584f48e7d3a9c0394dc.dll
Size

39KB
MD5

9af0c1b1b2b7882d9f14056202b5450e
SHA1

36076c3d4d837d58d10ec2128b9e2b91535a05ba
SHA256

62ba0fc2c6b17854c89aec29308f3df5db06f2e40f807584f48e7d3a9c0394dc
SHA512

4af8310176bfe31c63d0536a391ae9d26019d0214f5bfab6c9d67edb296f8e6fd52726079c25a73fc9cb9488ac88a41dde25c1741eadd9ba3a6790ae628614c1

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

regsvr32.exe

description	pid	process	target process
PID 1524 wrote to memory of 1268	1524	regsvr32.exe	regsvr32.exe
PID 1524 wrote to memory of 1268	1524	regsvr32.exe	regsvr32.exe
PID 1524 wrote to memory of 1268	1524	regsvr32.exe	regsvr32.exe
PID 1524 wrote to memory of 1268	1524	regsvr32.exe	regsvr32.exe
PID 1524 wrote to memory of 1268	1524	regsvr32.exe	regsvr32.exe
PID 1524 wrote to memory of 1268	1524	regsvr32.exe	regsvr32.exe
PID 1524 wrote to memory of 1268	1524	regsvr32.exe	regsvr32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\62ba0fc2c6b17854c89aec29308f3df5db06f2e40f807584f48e7d3a9c0394dc.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:1524

C:\Windows\SysWOW64\regsvr32.exe
/s C:\Users\Admin\AppData\Local\Temp\62ba0fc2c6b17854c89aec29308f3df5db06f2e40f807584f48e7d3a9c0394dc.dll
2⤵
PID:1268

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1268-56-0x0000000075AB1000-0x0000000075AB3000-memory.dmp

Filesize
8KB

Download
memory/1524-55-0x000007FEFB5B1000-0x000007FEFB5B3000-memory.dmp

Filesize
8KB

Download