e74a21b1c60b337ce5d77c9812b372e89d0812a8a1fff6b0ed47a7e67f0e8e2d | Triage

Analysis

max time kernel
71s
max time network
45s
platform
windows7_x64
resource
win7-20220414-en
submitted
27-04-2022 19:14

Sharing

Report Analysis Logs

General

Target

e74a21b1c60b337ce5d77c9812b372e89d0812a8a1fff6b0ed47a7e67f0e8e2d.dll
Size

93KB
MD5

5138ac98e8307be170c2c4ffbc465a4d
SHA1

2393ab502d9c647b1a4415f61069c7e2bbc43ee4
SHA256

e74a21b1c60b337ce5d77c9812b372e89d0812a8a1fff6b0ed47a7e67f0e8e2d
SHA512

86cc9b10153e053fa8d8f5be3162faeebfc3e4857bc7fc65c4dbca94f80f5deac916b692ffc67aa1744f7f5332227abbde9d57fb1cb653ff9296c1906aa46e89

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

regsvr32.exe

description	pid	process	target process
PID 1516 wrote to memory of 288	1516	regsvr32.exe	regsvr32.exe
PID 1516 wrote to memory of 288	1516	regsvr32.exe	regsvr32.exe
PID 1516 wrote to memory of 288	1516	regsvr32.exe	regsvr32.exe
PID 1516 wrote to memory of 288	1516	regsvr32.exe	regsvr32.exe
PID 1516 wrote to memory of 288	1516	regsvr32.exe	regsvr32.exe
PID 1516 wrote to memory of 288	1516	regsvr32.exe	regsvr32.exe
PID 1516 wrote to memory of 288	1516	regsvr32.exe	regsvr32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\e74a21b1c60b337ce5d77c9812b372e89d0812a8a1fff6b0ed47a7e67f0e8e2d.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:1516

C:\Windows\SysWOW64\regsvr32.exe
/s C:\Users\Admin\AppData\Local\Temp\e74a21b1c60b337ce5d77c9812b372e89d0812a8a1fff6b0ed47a7e67f0e8e2d.dll
2⤵
PID:288

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/288-55-0x0000000000000000-mapping.dmp

Download
memory/288-56-0x00000000755A1000-0x00000000755A3000-memory.dmp

Filesize
8KB

Download
memory/1516-54-0x000007FEFB8B1000-0x000007FEFB8B3000-memory.dmp

Filesize
8KB

Download