fb23138d09b5b7f3bb0c6c0c4566c1ac0cfaa20554c23ae7f7870ee7cf8bfc1d | Triage

Analysis

max time kernel
83s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20220414-en
submitted
18-04-2022 19:40

Sharing

Report Analysis Logs

General

Target

fb23138d09b5b7f3bb0c6c0c4566c1ac0cfaa20554c23ae7f7870ee7cf8bfc1d.dll
Size

29KB
MD5

243182adcf9191d25a77b8bf6cc7d0b5
SHA1

9ce8af5a2eedc4001a8933abf98636d138dfccb5
SHA256

fb23138d09b5b7f3bb0c6c0c4566c1ac0cfaa20554c23ae7f7870ee7cf8bfc1d
SHA512

39b34c080d4adbe4c732f7cf2d6d7c3907293e246ff0b641827bab983426e5d95a47b268fb70b1c44d7cae4ac04e77172bba1606f110d4824146564eeaf2ac9b

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

regsvr32.exe

description	pid	process	target process
PID 1160 wrote to memory of 4284	1160	regsvr32.exe	regsvr32.exe
PID 1160 wrote to memory of 4284	1160	regsvr32.exe	regsvr32.exe
PID 1160 wrote to memory of 4284	1160	regsvr32.exe	regsvr32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\fb23138d09b5b7f3bb0c6c0c4566c1ac0cfaa20554c23ae7f7870ee7cf8bfc1d.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:1160

C:\Windows\SysWOW64\regsvr32.exe
/s C:\Users\Admin\AppData\Local\Temp\fb23138d09b5b7f3bb0c6c0c4566c1ac0cfaa20554c23ae7f7870ee7cf8bfc1d.dll
2⤵
PID:4284

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4284-130-0x0000000000000000-mapping.dmp

Download