5f8505acb78a963aaae1e8ecac11613cdf388b10634c53968f8b324623fd8644 | Triage

Analysis

max time kernel
121s
max time network
140s
platform
windows7_x64
resource
win7-en-20211208
submitted
01-02-2022 10:17

Sharing

Report Analysis Logs

General

Target

5f8505acb78a963aaae1e8ecac11613cdf388b10634c53968f8b324623fd8644.dll
Size

42KB
MD5

a81bcd214e3083d82bf38d3916331722
SHA1

18d5ad4ad4183a8a49c878725c9d78ac39a1372a
SHA256

5f8505acb78a963aaae1e8ecac11613cdf388b10634c53968f8b324623fd8644
SHA512

12ab4f48dae7181819c8f75490a52219f13a3fbd50f196e6b044cebac3a21417baf526e0d59e12d8973ebbfcfe7d67f09a96e9323c90c5e9d0af3f660363ee3a

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

regsvr32.exe

description	pid	process	target process
PID 1212 wrote to memory of 1684	1212	regsvr32.exe	regsvr32.exe
PID 1212 wrote to memory of 1684	1212	regsvr32.exe	regsvr32.exe
PID 1212 wrote to memory of 1684	1212	regsvr32.exe	regsvr32.exe
PID 1212 wrote to memory of 1684	1212	regsvr32.exe	regsvr32.exe
PID 1212 wrote to memory of 1684	1212	regsvr32.exe	regsvr32.exe
PID 1212 wrote to memory of 1684	1212	regsvr32.exe	regsvr32.exe
PID 1212 wrote to memory of 1684	1212	regsvr32.exe	regsvr32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\5f8505acb78a963aaae1e8ecac11613cdf388b10634c53968f8b324623fd8644.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:1212

C:\Windows\SysWOW64\regsvr32.exe
/s C:\Users\Admin\AppData\Local\Temp\5f8505acb78a963aaae1e8ecac11613cdf388b10634c53968f8b324623fd8644.dll
2⤵
PID:1684

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1212-54-0x000007FEFBE91000-0x000007FEFBE93000-memory.dmp

Filesize
8KB

Download
memory/1684-55-0x0000000075891000-0x0000000075893000-memory.dmp

Filesize
8KB

Download