9e69eca23b9f7829432d2cd9e76169db29df37dd25a2d700fb74332f282e9e81 | Triage

Analysis

max time kernel
161s
max time network
174s
platform
windows7_x64
resource
win7-20220414-en
submitted
20-05-2022 06:45

Sharing

Report Analysis Logs

General

Target

9e69eca23b9f7829432d2cd9e76169db29df37dd25a2d700fb74332f282e9e81.dll
Size

10KB
MD5

df826d4fd50e435af9e86a04c2d25a7a
SHA1

8d3ae629bdcc8699aa1165aff22795d4c3d05875
SHA256

9e69eca23b9f7829432d2cd9e76169db29df37dd25a2d700fb74332f282e9e81
SHA512

29d85b0e9d01a2b1c745de88b54918c3b8b748dd51f3a8a2e6fbb2c18236d776190985c4f47a06d797c2ec431f5b66fdc727fd11250954b9818e92e684674658

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

regsvr32.exe

description	pid	process	target process
PID 756 wrote to memory of 908	756	regsvr32.exe	regsvr32.exe
PID 756 wrote to memory of 908	756	regsvr32.exe	regsvr32.exe
PID 756 wrote to memory of 908	756	regsvr32.exe	regsvr32.exe
PID 756 wrote to memory of 908	756	regsvr32.exe	regsvr32.exe
PID 756 wrote to memory of 908	756	regsvr32.exe	regsvr32.exe
PID 756 wrote to memory of 908	756	regsvr32.exe	regsvr32.exe
PID 756 wrote to memory of 908	756	regsvr32.exe	regsvr32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\9e69eca23b9f7829432d2cd9e76169db29df37dd25a2d700fb74332f282e9e81.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:756

C:\Windows\SysWOW64\regsvr32.exe
/s C:\Users\Admin\AppData\Local\Temp\9e69eca23b9f7829432d2cd9e76169db29df37dd25a2d700fb74332f282e9e81.dll
2⤵
PID:908

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/756-54-0x000007FEFC5C1000-0x000007FEFC5C3000-memory.dmp

Filesize
8KB

Download
memory/908-55-0x0000000000000000-mapping.dmp

Download
memory/908-56-0x0000000076C81000-0x0000000076C83000-memory.dmp

Filesize
8KB

Download