7eb76b1a82526ea31908107bc5ced0bd11454195d7a1a4f07b8e5b90e00da7db | Triage

Analysis

max time kernel
7s
max time network
46s
platform
windows7_x64
resource
win7-20220414-en
submitted
25-06-2022 17:33

Sharing

Report Analysis Logs

General

Target

7eb76b1a82526ea31908107bc5ced0bd11454195d7a1a4f07b8e5b90e00da7db.dll
Size

5.1MB
MD5

f3ec38b8d5a6e29db299e2eadacbcebe
SHA1

3716bc451c3263767765cb543ada4d5df205f1cd
SHA256

7eb76b1a82526ea31908107bc5ced0bd11454195d7a1a4f07b8e5b90e00da7db
SHA512

6761ac501ffdd7fd8e96eb9390a7243192d558d86ff6f9f7ca6d03ced52d38f176b55b18cc2437e5d40f45cf801253a3405a882b8f2416816e6834d991bf83cc

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1096 wrote to memory of 968	1096	regsvr32.exe	27
PID 1096 wrote to memory of 968	1096	regsvr32.exe	27
PID 1096 wrote to memory of 968	1096	regsvr32.exe	27
PID 1096 wrote to memory of 968	1096	regsvr32.exe	27
PID 1096 wrote to memory of 968	1096	regsvr32.exe	27
PID 1096 wrote to memory of 968	1096	regsvr32.exe	27
PID 1096 wrote to memory of 968	1096	regsvr32.exe	27

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\7eb76b1a82526ea31908107bc5ced0bd11454195d7a1a4f07b8e5b90e00da7db.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:1096
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\7eb76b1a82526ea31908107bc5ced0bd11454195d7a1a4f07b8e5b90e00da7db.dll
  2⤵
  PID:968

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/968-56-0x0000000075E51000-0x0000000075E53000-memory.dmp

Filesize
8KB

Download
memory/1096-54-0x000007FEFBA61000-0x000007FEFBA63000-memory.dmp

Filesize
8KB

Download