cdfc273d2ae7dd9f0dc8a0fda6f73692c5e4256f0ab5dca5321a2541e6343a54 | Triage

Analysis

max time kernel
45s
max time network
48s
platform
windows7_x64
resource
win7-20220414-en
submitted
20-06-2022 13:59

Sharing

Report Analysis Logs

General

Target

ab19f6f01c7e14df1556e786b9cfa57bb7c4a895c5c29782c90c2f366d5ed257.dll
Size

576KB
MD5

6846863de6df3ae7b4dd858aba31785e
SHA1

4fef40c3e5d4de26a7f945d2f754ab3cbfdf3591
SHA256

ab19f6f01c7e14df1556e786b9cfa57bb7c4a895c5c29782c90c2f366d5ed257
SHA512

260fa2ee04ea81b3fa53b4b30867b3d1a13eb670ae1a0d38d5b786980d7210d0ca86673e772f9d130e07e799f782c77b9bef70b31da80db4faf0b125eecdb269

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

regsvr32.exe

description	pid	process	target process
PID 1972 wrote to memory of 1152	1972	regsvr32.exe	regsvr32.exe
PID 1972 wrote to memory of 1152	1972	regsvr32.exe	regsvr32.exe
PID 1972 wrote to memory of 1152	1972	regsvr32.exe	regsvr32.exe
PID 1972 wrote to memory of 1152	1972	regsvr32.exe	regsvr32.exe
PID 1972 wrote to memory of 1152	1972	regsvr32.exe	regsvr32.exe
PID 1972 wrote to memory of 1152	1972	regsvr32.exe	regsvr32.exe
PID 1972 wrote to memory of 1152	1972	regsvr32.exe	regsvr32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\ab19f6f01c7e14df1556e786b9cfa57bb7c4a895c5c29782c90c2f366d5ed257.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:1972
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\ab19f6f01c7e14df1556e786b9cfa57bb7c4a895c5c29782c90c2f366d5ed257.dll
  2⤵
  PID:1152

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1152-55-0x0000000000000000-mapping.dmp

Download
memory/1152-56-0x0000000075BD1000-0x0000000075BD3000-memory.dmp

Filesize
8KB

Download
memory/1972-54-0x000007FEFB671000-0x000007FEFB673000-memory.dmp

Filesize
8KB

Download