1f634bbaf8d3b629a0c247c8d885f3da2323f447247914afe7d99ac4813b7e94 | Triage

Analysis

max time kernel
4294180s
max time network
124s
platform
windows7_x64
resource
win7-20220311-en
submitted
17-03-2022 18:52

Sharing

Report Analysis Logs

General

Target

1f634bbaf8d3b629a0c247c8d885f3da2323f447247914afe7d99ac4813b7e94.dll
Size

197KB
MD5

c72ae60648941e0812ff80ca8ec010a0
SHA1

977a8ba095724cdc15e5d427c9084fd8956359f3
SHA256

1f634bbaf8d3b629a0c247c8d885f3da2323f447247914afe7d99ac4813b7e94
SHA512

19a635be1a9d5a8a19d0d2c0b8c57c4b4dde6f9bf2698f91719df4061be560dcbca2c2b27fbabd2ca32efc5fc3bdd7a7392da6d4f19c86074cab24fa7afbcadc

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

regsvr32.exe

description	pid	process	target process
PID 1924 wrote to memory of 1908	1924	regsvr32.exe	regsvr32.exe
PID 1924 wrote to memory of 1908	1924	regsvr32.exe	regsvr32.exe
PID 1924 wrote to memory of 1908	1924	regsvr32.exe	regsvr32.exe
PID 1924 wrote to memory of 1908	1924	regsvr32.exe	regsvr32.exe
PID 1924 wrote to memory of 1908	1924	regsvr32.exe	regsvr32.exe
PID 1924 wrote to memory of 1908	1924	regsvr32.exe	regsvr32.exe
PID 1924 wrote to memory of 1908	1924	regsvr32.exe	regsvr32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\1f634bbaf8d3b629a0c247c8d885f3da2323f447247914afe7d99ac4813b7e94.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:1924

C:\Windows\SysWOW64\regsvr32.exe
/s C:\Users\Admin\AppData\Local\Temp\1f634bbaf8d3b629a0c247c8d885f3da2323f447247914afe7d99ac4813b7e94.dll
2⤵
PID:1908

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1908-55-0x00000000763D1000-0x00000000763D3000-memory.dmp

Filesize
8KB

Download
memory/1924-54-0x000007FEFBDE1000-0x000007FEFBDE3000-memory.dmp

Filesize
8KB

Download