4e5b7483c9a49bf36b644f22c1c4daef732742affd15ffd20dda4de85260e581 | Triage

Analysis

max time kernel
37s
max time network
41s
platform
windows7_x64
resource
win7-20220414-en
submitted
17-04-2022 07:05

Sharing

Report Analysis Logs

General

Target

4e5b7483c9a49bf36b644f22c1c4daef732742affd15ffd20dda4de85260e581.dll
Size

242KB
MD5

b0c76afe8c156ab68f90f1a481d180b3
SHA1

22e94a6d6b50bc8f9dd79464e2fa4eba16491049
SHA256

4e5b7483c9a49bf36b644f22c1c4daef732742affd15ffd20dda4de85260e581
SHA512

e9d3e15c45a57204b887b5cbe2ad671d76507fa273792dabe9f6eaf074ddb6ce79d69fee66e9c832eb3b83d4e7788521c1a75413470be1c726f6d3d3d97ddbec

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

regsvr32.exe

description	pid	process	target process
PID 1860 wrote to memory of 1388	1860	regsvr32.exe	regsvr32.exe
PID 1860 wrote to memory of 1388	1860	regsvr32.exe	regsvr32.exe
PID 1860 wrote to memory of 1388	1860	regsvr32.exe	regsvr32.exe
PID 1860 wrote to memory of 1388	1860	regsvr32.exe	regsvr32.exe
PID 1860 wrote to memory of 1388	1860	regsvr32.exe	regsvr32.exe
PID 1860 wrote to memory of 1388	1860	regsvr32.exe	regsvr32.exe
PID 1860 wrote to memory of 1388	1860	regsvr32.exe	regsvr32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\4e5b7483c9a49bf36b644f22c1c4daef732742affd15ffd20dda4de85260e581.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:1860

C:\Windows\SysWOW64\regsvr32.exe
/s C:\Users\Admin\AppData\Local\Temp\4e5b7483c9a49bf36b644f22c1c4daef732742affd15ffd20dda4de85260e581.dll
2⤵
PID:1388

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1388-55-0x0000000000000000-mapping.dmp

Download
memory/1388-56-0x0000000075E41000-0x0000000075E43000-memory.dmp

Filesize
8KB

Download
memory/1860-54-0x000007FEFB851000-0x000007FEFB853000-memory.dmp

Filesize
8KB

Download