530264d00763fe8b1d1d091d94819ca11101be55b1c049beedf9f8e9f544cbdd | Triage

Analysis

max time kernel
42s
max time network
44s
platform
windows7_x64
resource
win7-20220414-en
submitted
17-04-2022 07:05

Sharing

Report Analysis Logs

General

Target

530264d00763fe8b1d1d091d94819ca11101be55b1c049beedf9f8e9f544cbdd.dll
Size

219KB
MD5

d81525fba46c0b161d541281bf1f6665
SHA1

8e7de9b170ae08b6e9f594bfa738267cdf2640d8
SHA256

530264d00763fe8b1d1d091d94819ca11101be55b1c049beedf9f8e9f544cbdd
SHA512

023aa4a1b5005752574ec1db75d75f7be9782616cb737c752902e0f092b48b52a0d8a1c7bc7714e260c0b4eb611fe366e176683edd530d61d5ac8b09f5c56a05

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

regsvr32.exe

description	pid	process	target process
PID 1996 wrote to memory of 1652	1996	regsvr32.exe	regsvr32.exe
PID 1996 wrote to memory of 1652	1996	regsvr32.exe	regsvr32.exe
PID 1996 wrote to memory of 1652	1996	regsvr32.exe	regsvr32.exe
PID 1996 wrote to memory of 1652	1996	regsvr32.exe	regsvr32.exe
PID 1996 wrote to memory of 1652	1996	regsvr32.exe	regsvr32.exe
PID 1996 wrote to memory of 1652	1996	regsvr32.exe	regsvr32.exe
PID 1996 wrote to memory of 1652	1996	regsvr32.exe	regsvr32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\530264d00763fe8b1d1d091d94819ca11101be55b1c049beedf9f8e9f544cbdd.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:1996

C:\Windows\SysWOW64\regsvr32.exe
/s C:\Users\Admin\AppData\Local\Temp\530264d00763fe8b1d1d091d94819ca11101be55b1c049beedf9f8e9f544cbdd.dll
2⤵
PID:1652

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1652-55-0x0000000000000000-mapping.dmp

Download
memory/1652-56-0x0000000075841000-0x0000000075843000-memory.dmp

Filesize
8KB

Download
memory/1996-54-0x000007FEFBFD1000-0x000007FEFBFD3000-memory.dmp

Filesize
8KB

Download