c0f3b27ae4f7db457a86a38244225cca35aa0960eb6a685ed350e99a36c32b61 | Triage

Analysis

max time kernel
58s
max time network
46s
platform
windows7_x64
resource
win7-20220414-en
submitted
12-05-2022 04:07

Sharing

Report Analysis Logs

General

Target

c0f3b27ae4f7db457a86a38244225cca35aa0960eb6a685ed350e99a36c32b61.dll
Size

1.2MB
MD5

a6d49b646ed61b91bcfe9c2170b258cd
SHA1

75c7cdddfbf538f51da8b74cbad11c302206750e
SHA256

c0f3b27ae4f7db457a86a38244225cca35aa0960eb6a685ed350e99a36c32b61
SHA512

18be0707af33a9c4e3b9c57e7c6a3a00b0a249acf606ccb7cc0d968a722637e8bfdc4f7d09da208cd9477ef915fd019ff171df8977c55481093c35d0ccf6a2cc

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

regsvr32.exe

description	pid	process	target process
PID 1652 wrote to memory of 1128	1652	regsvr32.exe	regsvr32.exe
PID 1652 wrote to memory of 1128	1652	regsvr32.exe	regsvr32.exe
PID 1652 wrote to memory of 1128	1652	regsvr32.exe	regsvr32.exe
PID 1652 wrote to memory of 1128	1652	regsvr32.exe	regsvr32.exe
PID 1652 wrote to memory of 1128	1652	regsvr32.exe	regsvr32.exe
PID 1652 wrote to memory of 1128	1652	regsvr32.exe	regsvr32.exe
PID 1652 wrote to memory of 1128	1652	regsvr32.exe	regsvr32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\c0f3b27ae4f7db457a86a38244225cca35aa0960eb6a685ed350e99a36c32b61.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:1652

C:\Windows\SysWOW64\regsvr32.exe
/s C:\Users\Admin\AppData\Local\Temp\c0f3b27ae4f7db457a86a38244225cca35aa0960eb6a685ed350e99a36c32b61.dll
2⤵
PID:1128

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1128-55-0x0000000000000000-mapping.dmp

Download
memory/1128-56-0x00000000765C1000-0x00000000765C3000-memory.dmp

Filesize
8KB

Download
memory/1128-57-0x0000000074D00000-0x0000000074E30000-memory.dmp

Filesize
1.2MB

Download
memory/1652-54-0x000007FEFC1F1000-0x000007FEFC1F3000-memory.dmp

Filesize
8KB

Download