7760b32aad54f7651898185b00c88b86717299f5b73be10df14fb748c1a1e35e | Triage

Analysis

max time kernel
34s
max time network
39s
platform
windows7_x64
resource
win7-20220414-en
submitted
18-04-2022 13:32

Sharing

Report Analysis Logs

General

Target

7760b32aad54f7651898185b00c88b86717299f5b73be10df14fb748c1a1e35e.dll
Size

219KB
MD5

f5f8b92ca19e43e9893315104b473892
SHA1

97c1abd2e97ed3116d26ead856ab296ec9e298cb
SHA256

7760b32aad54f7651898185b00c88b86717299f5b73be10df14fb748c1a1e35e
SHA512

541039d91d5b3c1a918f3c17aa4b338d211c7e45b48ced020d89d6fa159614b83f91b5c8cd7ba4f4ede46938f05018c12ecc06f1e320fd52e1684607b4a86b77

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

regsvr32.exe

description	pid	process	target process
PID 1976 wrote to memory of 1928	1976	regsvr32.exe	regsvr32.exe
PID 1976 wrote to memory of 1928	1976	regsvr32.exe	regsvr32.exe
PID 1976 wrote to memory of 1928	1976	regsvr32.exe	regsvr32.exe
PID 1976 wrote to memory of 1928	1976	regsvr32.exe	regsvr32.exe
PID 1976 wrote to memory of 1928	1976	regsvr32.exe	regsvr32.exe
PID 1976 wrote to memory of 1928	1976	regsvr32.exe	regsvr32.exe
PID 1976 wrote to memory of 1928	1976	regsvr32.exe	regsvr32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\7760b32aad54f7651898185b00c88b86717299f5b73be10df14fb748c1a1e35e.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:1976

C:\Windows\SysWOW64\regsvr32.exe
/s C:\Users\Admin\AppData\Local\Temp\7760b32aad54f7651898185b00c88b86717299f5b73be10df14fb748c1a1e35e.dll
2⤵
PID:1928

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1928-55-0x0000000000000000-mapping.dmp

Download
memory/1928-56-0x00000000757C1000-0x00000000757C3000-memory.dmp

Filesize
8KB

Download
memory/1976-54-0x000007FEFBFB1000-0x000007FEFBFB3000-memory.dmp

Filesize
8KB

Download