Analysis
max time kernel: 56s
max time network: 59s
platform: windows10_x64
resource: win10-20220331-en
submitted: 11-04-2022 11:00
Behavioral task: behavioral1
Sample: DisReg.exe
Resource: win10-20220223-en
Behavioral task: behavioral2
Sample: DisReg.exe
Resource: win10v2004-20220331-en
Behavioral task: behavioral3
Sample: lib/basichttp.dll
Resource: win10-20220331-en
Behavioral task: behavioral4
Sample: lib/basichttp.dll
Resource: win10v2004-20220331-en
Behavioral task: behavioral5
Sample: lib/elevated.dll
Resource: win10-20220223-en
Behavioral task: behavioral6
Sample: lib/elevated.dll
Resource: win10v2004-20220331-en
Behavioral task: behavioral7
Sample: lib/extensions/AnyCaptchaCallbackHooker_Unpacked/generated/client/client.js
Resource: win10-20220331-en
Behavioral task: behavioral8
Sample: lib/extensions/AnyCaptchaCallbackHooker_Unpacked/generated/client/client.js
Resource: win10v2004-en-20220113
General
Target: lib/basichttp.dll
Size: 55KB
MD5: 52593febe8379ef288799a007c9e535c
SHA1: a9cea1120dcc5df55cc809c358ca20f8b58d891d
SHA256: 9c4e033169ba17554d282f63375676b8a17e67685e0b7041fa331fbbe855ab74
SHA512: 703bf273a39ba48eb050442b61e1c4c7901e378508f0fb6e5c22312fa7fb7537750ec516348b6730de58c9f8103eebb3c59522df9e4de2f8976d11792f0b592a
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes:
rundll32.exe
description | pid | process | target process
PID 2808 wrote to memory of 2328 | 2808 | rundll32.exe | rundll32.exe
PID 2808 wrote to memory of 2328 | 2808 | rundll32.exe | rundll32.exe
PID 2808 wrote to memory of 2328 | 2808 | rundll32.exe | rundll32.exe
Processes
Network
MITRE ATT&CK Matrix
Downloads
-
memory/2328-113-0x0000000000000000-mapping.dmp