afb77617a4ca637614c429440c78da438e190dd1ca24dc78483aa731d80832c2 | Triage

Resubmissions

07-07-2022 11:51

220707-n1m6qahha2 10

31-01-2022 06:31

220131-g95nssgge2 3

Analysis

max time kernel
30s
max time network
48s
platform
windows7_x64
resource
win7-20220414-en
submitted
07-07-2022 11:51

Sharing

Report Analysis Logs

General

Target

afb77617a4ca637614c429440c78da438e190dd1ca24dc78483aa731d80832c2.dll
Size

3.1MB
MD5

7a5324615cbf70bad37c84cefb012e80
SHA1

ebbac85d574144f92e23829bea472f3aa43100fa
SHA256

afb77617a4ca637614c429440c78da438e190dd1ca24dc78483aa731d80832c2
SHA512

2f715f203eae83c448e81c4cbd283638cf5c080dbb607c67a1545e417b4066c8fc23990409e500aa82c77630198d9069a7da45be90f055dd3f46c3be1a4ed2c1

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

regsvr32.exe

description	pid	process	target process
PID 676 wrote to memory of 1464	676	regsvr32.exe	regsvr32.exe
PID 676 wrote to memory of 1464	676	regsvr32.exe	regsvr32.exe
PID 676 wrote to memory of 1464	676	regsvr32.exe	regsvr32.exe
PID 676 wrote to memory of 1464	676	regsvr32.exe	regsvr32.exe
PID 676 wrote to memory of 1464	676	regsvr32.exe	regsvr32.exe
PID 676 wrote to memory of 1464	676	regsvr32.exe	regsvr32.exe
PID 676 wrote to memory of 1464	676	regsvr32.exe	regsvr32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\afb77617a4ca637614c429440c78da438e190dd1ca24dc78483aa731d80832c2.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:676

C:\Windows\SysWOW64\regsvr32.exe
/s C:\Users\Admin\AppData\Local\Temp\afb77617a4ca637614c429440c78da438e190dd1ca24dc78483aa731d80832c2.dll
2⤵
PID:1464

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/676-54-0x000007FEFBD01000-0x000007FEFBD03000-memory.dmp

Filesize
8KB

Download
memory/1464-55-0x0000000000000000-mapping.dmp

Download
memory/1464-56-0x0000000075EF1000-0x0000000075EF3000-memory.dmp

Filesize
8KB

Download