Overview

overview

1

Static

static

0fa38d62e1...c0.dll

windows7_x64

1

0fa38d62e1...c0.dll

windows10-2004_x64

1

Analysis

  • max time kernel
    151s
  • max time network
    125s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220310-en
  • submitted
    07-04-2022 16:19

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    0fa38d62e10a8aae27e6624c29e94dc0.dll

  • Size

    1.2MB

  • MD5

    0fa38d62e10a8aae27e6624c29e94dc0

  • SHA1

    38eacb884c084f9e455e6e32002661a95bb7e4f5

  • SHA256

    1cdad75e7830e4ae946bb26c15be354676820710c2471d9ea6d24926fc0df86f

  • SHA512

    bb283a71face353a3cec670442ddef2b8eab5fcfe1d0893c7ed195880356f4181f1b56854a54e95174b518db7c72fa9e094954e81fa10149c6cfb3424b650419

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: MapViewOfSection 1 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\0fa38d62e10a8aae27e6624c29e94dc0.dll
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4880
    • C:\Windows\SysWOW64\regsvr32.exe
      /s C:\Users\Admin\AppData\Local\Temp\0fa38d62e10a8aae27e6624c29e94dc0.dll
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: MapViewOfSection
      • Suspicious use of WriteProcessMemory
      PID:4844
      • C:\Windows\SysWOW64\explorer.exe
        C:\Windows\SysWOW64\explorer.exe
        3⤵
        • Suspicious behavior: EnumeratesProcesses
        PID:3060

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/3060-141-0x0000000000000000-mapping.dmp

    Download

  • memory/3060-142-0x00000000012C0000-0x000000000134F000-memory.dmp

    Filesize

    572KB

    Download

  • memory/4844-134-0x0000000000000000-mapping.dmp

    Download

  • memory/4844-135-0x0000000010000000-0x000000001008F000-memory.dmp

    Filesize

    572KB

    Download