a259e9b0acf375a8bef8dbc27a8a1996ee02a56889cba07ef58c49185ab033ec | Triage

Analysis

max time kernel
4294182s
max time network
126s
platform
windows7_x64
resource
win7-20220223-en
submitted
09-03-2022 15:01

Sharing

Report Analysis Logs

General

Target

a259e9b0acf375a8bef8dbc27a8a1996ee02a56889cba07ef58c49185ab033ec.dll
Size

682KB
MD5

517d2b385b846d6ea13b75b8adceb061
SHA1

3c54c9a49a8ddca02189fe15fea52fe24f41a86f
SHA256

a259e9b0acf375a8bef8dbc27a8a1996ee02a56889cba07ef58c49185ab033ec
SHA512

1de912f50b7f5cc2f4fcea7b6d3c84a39bd15d668122f50a9b11da66447ed99f456e86e006d0dfe7ab0fca7dc8e35efa7ff57959033463d94ef37e5705515430

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

regsvr32.exe

description	pid	process	target process
PID 956 wrote to memory of 1576	956	regsvr32.exe	regsvr32.exe
PID 956 wrote to memory of 1576	956	regsvr32.exe	regsvr32.exe
PID 956 wrote to memory of 1576	956	regsvr32.exe	regsvr32.exe
PID 956 wrote to memory of 1576	956	regsvr32.exe	regsvr32.exe
PID 956 wrote to memory of 1576	956	regsvr32.exe	regsvr32.exe
PID 956 wrote to memory of 1576	956	regsvr32.exe	regsvr32.exe
PID 956 wrote to memory of 1576	956	regsvr32.exe	regsvr32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\a259e9b0acf375a8bef8dbc27a8a1996ee02a56889cba07ef58c49185ab033ec.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:956
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\a259e9b0acf375a8bef8dbc27a8a1996ee02a56889cba07ef58c49185ab033ec.dll
  2⤵
  PID:1576

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/956-54-0x000007FEFC321000-0x000007FEFC323000-memory.dmp

Filesize
8KB

Download
memory/1576-55-0x0000000076891000-0x0000000076893000-memory.dmp

Filesize
8KB

Download