84eda1c70305436d1f9567e274b95f6f3a22e0c9dfbb1b70b8a97febf9bb5d18 | Triage

Analysis

max time kernel
91s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20220414-en
submitted
01-07-2022 02:20

Sharing

Report Analysis Logs

General

Target

files/Manager.dll
Size

682KB
MD5

517d2b385b846d6ea13b75b8adceb061
SHA1

3c54c9a49a8ddca02189fe15fea52fe24f41a86f
SHA256

a259e9b0acf375a8bef8dbc27a8a1996ee02a56889cba07ef58c49185ab033ec
SHA512

1de912f50b7f5cc2f4fcea7b6d3c84a39bd15d668122f50a9b11da66447ed99f456e86e006d0dfe7ab0fca7dc8e35efa7ff57959033463d94ef37e5705515430

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

regsvr32.exe

description	pid	Process	procid_target
PID 2136 wrote to memory of 4116	2136	regsvr32.exe	79
PID 2136 wrote to memory of 4116	2136	regsvr32.exe	79
PID 2136 wrote to memory of 4116	2136	regsvr32.exe	79

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\files\Manager.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2136
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\files\Manager.dll
  2⤵
  PID:4116

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4116-130-0x0000000000000000-mapping.dmp

Download