d09a9e5ccce56752e0576e3f43b7fe4d401c577399853ffa34b4cf765b10f15e | Triage

Resubmissions

06/04/2023, 23:03

230406-21qthafe84 10

13/03/2023, 11:50

230313-nzsd2scc6y 1

13/04/2022, 02:53

220413-ddal1adhf9 1

Analysis

max time kernel
4294179s
max time network
122s
platform
windows7_x64
resource
win7-20220310-en
submitted
13/04/2022, 02:53

Sharing

Report Analysis Logs

General

Target

dbghelp.dll
Size

242.9MB
MD5

31b00fe35cd795058e11e1bc2d8de272
SHA1

e25ebd7ea19dfc1948ac5e50e6166aa73bda5dca
SHA256

b253368444aba74db84589b6af2a5a0971a11c4129b220203870a4f5a82cd6fd
SHA512

ed213e2f0e8e40f2d828c9458fe6b50b4c44ecc0487bc924244b6957115e83737286ff7d082ab89ac11279f4075076b9f65d5d1841a07c0bcae337dd6310f443

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1088 wrote to memory of 1880	1088	regsvr32.exe	27
PID 1088 wrote to memory of 1880	1088	regsvr32.exe	27
PID 1088 wrote to memory of 1880	1088	regsvr32.exe	27
PID 1088 wrote to memory of 1880	1088	regsvr32.exe	27
PID 1088 wrote to memory of 1880	1088	regsvr32.exe	27
PID 1088 wrote to memory of 1880	1088	regsvr32.exe	27
PID 1088 wrote to memory of 1880	1088	regsvr32.exe	27

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\dbghelp.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:1088
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\dbghelp.dll
  2⤵
  PID:1880

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1088-54-0x000007FEFC271000-0x000007FEFC273000-memory.dmp

Filesize
8KB

Download
memory/1880-56-0x00000000768A1000-0x00000000768A3000-memory.dmp

Filesize
8KB

Download
memory/1880-57-0x0000000001EB0000-0x000000001119F000-memory.dmp

Filesize
242.9MB

Download