480aba7d97bba56f63f87f3b1a3d7c4d717ac8fbe635b1b63d74df6485201f36 | Triage

Analysis

max time kernel
4294178s
max time network
123s
platform
windows7_x64
resource
win7-20220311-en
submitted
28-03-2022 15:01

Sharing

Report Analysis Logs

General

Target

480aba7d97bba56f63f87f3b1a3d7c4d717ac8fbe635b1b63d74df6485201f36.dll
Size

68KB
MD5

0ed8dd2b31e36aa885b6b73fce19b030
SHA1

5a6b583b38bc199fe4347f21f7a470cb8ccc0788
SHA256

480aba7d97bba56f63f87f3b1a3d7c4d717ac8fbe635b1b63d74df6485201f36
SHA512

7081e8141feaba43d6f556356329cdd126f5f557755eb85c870471c63f7565172b3505fc1d54b6ff470b1433d9f589e52271e5f5f2f566bb5db05b2e7219370b

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1168 wrote to memory of 1812	1168	regsvr32.exe	27
PID 1168 wrote to memory of 1812	1168	regsvr32.exe	27
PID 1168 wrote to memory of 1812	1168	regsvr32.exe	27
PID 1168 wrote to memory of 1812	1168	regsvr32.exe	27
PID 1168 wrote to memory of 1812	1168	regsvr32.exe	27
PID 1168 wrote to memory of 1812	1168	regsvr32.exe	27
PID 1168 wrote to memory of 1812	1168	regsvr32.exe	27

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\480aba7d97bba56f63f87f3b1a3d7c4d717ac8fbe635b1b63d74df6485201f36.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:1168
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\480aba7d97bba56f63f87f3b1a3d7c4d717ac8fbe635b1b63d74df6485201f36.dll
  2⤵
  PID:1812

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1168-54-0x000007FEFBCB1000-0x000007FEFBCB3000-memory.dmp

Filesize
8KB

Download
memory/1812-56-0x00000000759B1000-0x00000000759B3000-memory.dmp

Filesize
8KB

Download