c4f766ee2541187794388c24ac1578c1549cb43100d0bf734068824a76f7b4c8 | Triage

Analysis

max time kernel
39s
max time network
45s
platform
windows7_x64
resource
win7-20220331-en
submitted
30-03-2022 00:18

Sharing

Report Analysis Logs

General

Target

c4f766ee2541187794388c24ac1578c1549cb43100d0bf734068824a76f7b4c8.dll
Size

346KB
MD5

74c3fda52b72ca758093473c44ff667f
SHA1

25f92d75689eab19b3bbf13cb71a597e280d442d
SHA256

c4f766ee2541187794388c24ac1578c1549cb43100d0bf734068824a76f7b4c8
SHA512

990ab6e6250cacd87eadb1d29efa0c9348aca137d6d9591ceff1f29cadb9489292ffe4826cabde00fe205421f543aee6d70cf9c4df73df949c075fa206937c1a

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

regsvr32.exe

description	pid	process	target process
PID 1968 wrote to memory of 996	1968	regsvr32.exe	regsvr32.exe
PID 1968 wrote to memory of 996	1968	regsvr32.exe	regsvr32.exe
PID 1968 wrote to memory of 996	1968	regsvr32.exe	regsvr32.exe
PID 1968 wrote to memory of 996	1968	regsvr32.exe	regsvr32.exe
PID 1968 wrote to memory of 996	1968	regsvr32.exe	regsvr32.exe
PID 1968 wrote to memory of 996	1968	regsvr32.exe	regsvr32.exe
PID 1968 wrote to memory of 996	1968	regsvr32.exe	regsvr32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\c4f766ee2541187794388c24ac1578c1549cb43100d0bf734068824a76f7b4c8.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:1968

C:\Windows\SysWOW64\regsvr32.exe
/s C:\Users\Admin\AppData\Local\Temp\c4f766ee2541187794388c24ac1578c1549cb43100d0bf734068824a76f7b4c8.dll
2⤵
PID:996

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/996-55-0x0000000000000000-mapping.dmp

Download
memory/996-56-0x0000000075AA1000-0x0000000075AA3000-memory.dmp

Filesize
8KB

Download
memory/1968-54-0x000007FEFB7B1000-0x000007FEFB7B3000-memory.dmp

Filesize
8KB

Download