Analysis
max time kernel: 83s
max time network: 147s
platform: windows10-2004_x64
resource: win10v2004-en-20220113
submitted: 19-03-2022 08:09
Static task: static1
Behavioral task: behavioral1
Sample: db0408b16b1aa6c4d9c0c0d3eea7621e8c9be7800fbadaf509e7fd99b558658e.dll
Resource: win7-20220310-en (windows7_x64)
0 signatures
0 seconds
General
Target: db0408b16b1aa6c4d9c0c0d3eea7621e8c9be7800fbadaf509e7fd99b558658e.dll
Size: 297KB
MD5: 232c250165b98356b0c79bbcf746fe34
SHA1: 89475dc297d9881eb80c6cd384816bfbf64edb7a
SHA256: db0408b16b1aa6c4d9c0c0d3eea7621e8c9be7800fbadaf509e7fd99b558658e
SHA512: a0a5d5b93c8b0cde5cff217d5e3b9aef65e1a5bb29f300265aa638cdb673bd950f072f752e4f931a724280e9640177e8cf6c6d715ea35e2900e5e65841e485c9
Malware Config
Extracted
Family: systembc
C2: 127-0-0-1.in:4001
Signatures
Suspicious use of WriteProcessMemory (3 IoCs)
Processes (regsvr32.exe):
description                        pid   process       target process  target PID
PID 1516 wrote to memory of 2004   1516  regsvr32.exe  regsvr32.exe    2004
PID 1516 wrote to memory of 2004   1516  regsvr32.exe  regsvr32.exe    2004
PID 1516 wrote to memory of 2004   1516  regsvr32.exe  regsvr32.exe    2004
Processes
1. C:\Windows\system32\regsvr32.exe
   Command line: regsvr32 /s C:\Users\Admin\AppData\Local\Temp\db0408b16b1aa6c4d9c0c0d3eea7621e8c9be7800fbadaf509e7fd99b558658e.dll
   Suspicious use of WriteProcessMemory
   PID: 1516
   2. C:\Windows\SysWOW64\regsvr32.exe
      Command line: /s C:\Users\Admin\AppData\Local\Temp\db0408b16b1aa6c4d9c0c0d3eea7621e8c9be7800fbadaf509e7fd99b558658e.dll
      PID: 2004
Network
MITRE ATT&CK Matrix
Downloads
memory/2004-130-0x0000000074BF0000-0x0000000074BF7000-memory.dmp
Filesize: 28KB