Analysis
max time kernel: 2s
max time network: 6s
platform: windows10-2004_x64
resource: win10v2004-20220331-en
submitted: 11-04-2022 11:00
Behavioral tasks
behavioral1 - Sample: DisReg.exe - Resource: win10-20220223-en
behavioral2 - Sample: DisReg.exe - Resource: win10v2004-20220331-en
behavioral3 - Sample: lib/basichttp.dll - Resource: win10-20220331-en
behavioral4 - Sample: lib/basichttp.dll - Resource: win10v2004-20220331-en
behavioral5 - Sample: lib/elevated.dll - Resource: win10-20220223-en
behavioral6 - Sample: lib/elevated.dll - Resource: win10v2004-20220331-en
behavioral7 - Sample: lib/extensions/AnyCaptchaCallbackHooker_Unpacked/generated/client/client.js - Resource: win10-20220331-en
behavioral8 - Sample: lib/extensions/AnyCaptchaCallbackHooker_Unpacked/generated/client/client.js - Resource: win10v2004-en-20220113
General
Target: lib/basichttp.dll
Size: 55KB
MD5: 52593febe8379ef288799a007c9e535c
SHA1: a9cea1120dcc5df55cc809c358ca20f8b58d891d
SHA256: 9c4e033169ba17554d282f63375676b8a17e67685e0b7041fa331fbbe855ab74
SHA512: 703bf273a39ba48eb050442b61e1c4c7901e378508f0fb6e5c22312fa7fb7537750ec516348b6730de58c9f8103eebb3c59522df9e4de2f8976d11792f0b592a
Malware Config
Signatures
Suspicious use of WriteProcessMemory (3 IoCs)
Processes: rundll32.exe
description                      pid   process        target process
PID 8 wrote to memory of 4084    8     rundll32.exe   rundll32.exe
PID 8 wrote to memory of 4084    8     rundll32.exe   rundll32.exe
PID 8 wrote to memory of 4084    8     rundll32.exe   rundll32.exe
Downloads
memory/4084-124-0x0000000000000000-mapping.dmp