7cd03b30cfeea07b5ea4c8976e6456cb65e09f6b8e7dcc68884379925681b1c4 | Triage

Resubmissions

07-07-2022 11:52

220707-n1ty9sfhgm 10

12-05-2022 04:07

220512-epmldadbdp 1

Analysis

max time kernel
165s
max time network
169s
platform
windows10-2004_x64
resource
win10v2004-20220414-en
submitted
12-05-2022 04:07

Sharing

Report Analysis Logs

General

Target

7cd03b30cfeea07b5ea4c8976e6456cb65e09f6b8e7dcc68884379925681b1c4.dll
Size

603KB
MD5

f3e60f43ffae0656488bbea2861b0e31
SHA1

a3574879c1e0f8543571e22bf4f08ac784f69f54
SHA256

7cd03b30cfeea07b5ea4c8976e6456cb65e09f6b8e7dcc68884379925681b1c4
SHA512

397b4f0dbd720f4e62ccafd7e143f34e6d61f7fc131004aef64d1b769f712fe7b3cb10d657c9663e542098389b415ab834ce4a2bbe30c8bba655ce2c2c222615

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

regsvr32.exe

description	pid	process	target process
PID 3140 wrote to memory of 2900	3140	regsvr32.exe	regsvr32.exe
PID 3140 wrote to memory of 2900	3140	regsvr32.exe	regsvr32.exe
PID 3140 wrote to memory of 2900	3140	regsvr32.exe	regsvr32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\7cd03b30cfeea07b5ea4c8976e6456cb65e09f6b8e7dcc68884379925681b1c4.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:3140
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\7cd03b30cfeea07b5ea4c8976e6456cb65e09f6b8e7dcc68884379925681b1c4.dll
  2⤵
  PID:2900

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2900-130-0x0000000000000000-mapping.dmp

Download
memory/2900-131-0x0000000074FB0000-0x000000007504A000-memory.dmp

Filesize
616KB

Download