b9bf1da1f7f1393bf0cd52d114695948966cca6d96ba7ea75ef93dea869b1c48 | Triage

Analysis

max time kernel
86s
max time network
134s
platform
windows10-2004_x64
resource
win10v2004-20220721-en
resource tags

arch:x64arch:x86image:win10v2004-20220721-enlocale:en-usos:windows10-2004-x64system
submitted
02-08-2022 06:56

Sharing

Report Analysis Logs

General

Target

b9bf1da1f7f1393bf0cd52d114695948966cca6d96ba7ea75ef93dea869b1c48.dll
Size

580KB
MD5

4996d66bbab56a876179ee55dde4fc7e
SHA1

290925abbd06a5c78b7250fee1cc21ca7bbab547
SHA256

b9bf1da1f7f1393bf0cd52d114695948966cca6d96ba7ea75ef93dea869b1c48
SHA512

315bb61bd78f31441e4184daf6fac4cf347604c3d2da54776ffce52a893e1f3cc7484f667eeb1afe01380713749b273776c72cc9cf8bddc50b7d03bf7997d719

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

regsvr32.exe

description	pid	process	target process
PID 1540 wrote to memory of 1992	1540	regsvr32.exe	regsvr32.exe
PID 1540 wrote to memory of 1992	1540	regsvr32.exe	regsvr32.exe
PID 1540 wrote to memory of 1992	1540	regsvr32.exe	regsvr32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\b9bf1da1f7f1393bf0cd52d114695948966cca6d96ba7ea75ef93dea869b1c48.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:1540
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\b9bf1da1f7f1393bf0cd52d114695948966cca6d96ba7ea75ef93dea869b1c48.dll
  2⤵
  PID:1992

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1992-130-0x0000000000000000-mapping.dmp

Download