Analysis
- max time kernel: 52s
- max time network: 137s
- platform: windows10_x64
- resource: win10-20220414-en
- submitted: 14-05-2022 14:59
- Static task: static1
General
- Target: b5db7a6e39a94016cbbb235874b7c6d1ce75db3a3028fa6945587e4d8314f907.dll
- Size: 532KB
- MD5: 62d9c1e0f52acb679f59315008d99125
- SHA1: e4e8958a3386d07ebbf83a5337ca0f0b6e8252f2
- SHA256: b5db7a6e39a94016cbbb235874b7c6d1ce75db3a3028fa6945587e4d8314f907
- SHA512: 533b0ec414a158d54c431d6f8bbc6933f5c9bc6e03ac7f3384b2721c0920aae0e6e03440d016a2f5b6c973b78698139f88a7166d1b0bd0c85df473a59054ed61
Malware Config
Signatures
- Suspicious behavior: EnumeratesProcesses (2 IoCs)
  Processes (pid, process): 392 regsvr32.exe; 392 regsvr32.exe
- Suspicious behavior: RenamesItself (1 IoC)
  Processes (pid, process): 3176 regsvr32.exe
- Suspicious use of WriteProcessMemory (2 IoCs)
  Processes (description, pid, process, target process):
  PID 3176 wrote to memory of 392; 3176; regsvr32.exe; regsvr32.exe
  PID 3176 wrote to memory of 392; 3176; regsvr32.exe; regsvr32.exe
Processes
1. C:\Windows\system32\regsvr32.exe
   Command line: regsvr32 /s C:\Users\Admin\AppData\Local\Temp\b5db7a6e39a94016cbbb235874b7c6d1ce75db3a3028fa6945587e4d8314f907.dll
   - Suspicious behavior: RenamesItself
   - Suspicious use of WriteProcessMemory
2. C:\Windows\system32\regsvr32.exe
   Command line: C:\Windows\system32\regsvr32.exe "C:\Windows\system32\BwasY\fkWloddlNm.dll"
   - Suspicious behavior: EnumeratesProcesses