54eb9f1f9ecae58508615cc2e9d2266b6cb2408b0b285eeb2eb49e87308fff7d | Triage

Analysis

max time kernel
23s
max time network
47s
platform
windows7_x64
resource
win7-20220331-en
submitted
30-03-2022 00:19

Sharing

Report Analysis Logs

General

Target

54eb9f1f9ecae58508615cc2e9d2266b6cb2408b0b285eeb2eb49e87308fff7d.dll
Size

346KB
MD5

1a29e018e97c8f2bf11bec011749b78d
SHA1

0e09fcd491143eed3b33ba2c6ffc8b943fccb3b8
SHA256

54eb9f1f9ecae58508615cc2e9d2266b6cb2408b0b285eeb2eb49e87308fff7d
SHA512

8747f7e32e9848a3d13e441301f7f790bbd0a202762e7ad8f547930d80f8dbefbe2473f1bcbc72322f5ca1fd68fd7db1b0fe3a22589fd8a1cd88f4df9eec9da4

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

regsvr32.exe

description	pid	process	target process
PID 2020 wrote to memory of 1228	2020	regsvr32.exe	regsvr32.exe
PID 2020 wrote to memory of 1228	2020	regsvr32.exe	regsvr32.exe
PID 2020 wrote to memory of 1228	2020	regsvr32.exe	regsvr32.exe
PID 2020 wrote to memory of 1228	2020	regsvr32.exe	regsvr32.exe
PID 2020 wrote to memory of 1228	2020	regsvr32.exe	regsvr32.exe
PID 2020 wrote to memory of 1228	2020	regsvr32.exe	regsvr32.exe
PID 2020 wrote to memory of 1228	2020	regsvr32.exe	regsvr32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\54eb9f1f9ecae58508615cc2e9d2266b6cb2408b0b285eeb2eb49e87308fff7d.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2020
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\54eb9f1f9ecae58508615cc2e9d2266b6cb2408b0b285eeb2eb49e87308fff7d.dll
  2⤵
  PID:1228

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1228-55-0x0000000000000000-mapping.dmp

Download
memory/1228-56-0x0000000076141000-0x0000000076143000-memory.dmp

Filesize
8KB

Download
memory/2020-54-0x000007FEFBDF1000-0x000007FEFBDF3000-memory.dmp

Filesize
8KB

Download