7cd03b30cfeea07b5ea4c8976e6456cb65e09f6b8e7dcc68884379925681b1c4 | Triage

Resubmissions

07-07-2022 11:52

220707-n1ty9sfhgm 10

12-05-2022 04:07

220512-epmldadbdp 1

Analysis

max time kernel
36s
max time network
45s
platform
windows7_x64
resource
win7-20220414-en
submitted
12-05-2022 04:07

Sharing

Report Analysis Logs

General

Target

7cd03b30cfeea07b5ea4c8976e6456cb65e09f6b8e7dcc68884379925681b1c4.dll
Size

603KB
MD5

f3e60f43ffae0656488bbea2861b0e31
SHA1

a3574879c1e0f8543571e22bf4f08ac784f69f54
SHA256

7cd03b30cfeea07b5ea4c8976e6456cb65e09f6b8e7dcc68884379925681b1c4
SHA512

397b4f0dbd720f4e62ccafd7e143f34e6d61f7fc131004aef64d1b769f712fe7b3cb10d657c9663e542098389b415ab834ce4a2bbe30c8bba655ce2c2c222615

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1032 wrote to memory of 1732	1032	regsvr32.exe	27
PID 1032 wrote to memory of 1732	1032	regsvr32.exe	27
PID 1032 wrote to memory of 1732	1032	regsvr32.exe	27
PID 1032 wrote to memory of 1732	1032	regsvr32.exe	27
PID 1032 wrote to memory of 1732	1032	regsvr32.exe	27
PID 1032 wrote to memory of 1732	1032	regsvr32.exe	27
PID 1032 wrote to memory of 1732	1032	regsvr32.exe	27

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\7cd03b30cfeea07b5ea4c8976e6456cb65e09f6b8e7dcc68884379925681b1c4.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:1032
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\7cd03b30cfeea07b5ea4c8976e6456cb65e09f6b8e7dcc68884379925681b1c4.dll
  2⤵
  PID:1732

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1032-54-0x000007FEFBE51000-0x000007FEFBE53000-memory.dmp

Filesize
8KB

Download
memory/1732-56-0x00000000758D1000-0x00000000758D3000-memory.dmp

Filesize
8KB

Download
memory/1732-57-0x00000000749F0000-0x0000000074A8A000-memory.dmp

Filesize
616KB

Download