Overview

overview

10

Static

static

7872846234.zip

windows7-x64

1

7872846234.zip

windows10-2004-x64

1

DBUG.ps1

windows7-x64

1

DBUG.ps1

windows10-2004-x64

1

WinSupport...re.dll

windows7-x64

1

WinSupport...re.dll

windows10-2004-x64

1

WinSupport...32.dll

windows7-x64

1

WinSupport...32.dll

windows10-2004-x64

3

WinSupport...EK.dll

windows7-x64

1

WinSupport...EK.dll

windows10-2004-x64

1

WinSupport...32.dll

windows7-x64

1

WinSupport...32.dll

windows10-2004-x64

1

WinSupport...32.dll

windows7-x64

1

WinSupport...32.dll

windows10-2004-x64

1

WinSupport...32.exe

windows7-x64

10

WinSupport...32.exe

windows10-2004-x64

10

WinSupport...00.dll

windows7-x64

3

WinSupport...00.dll

windows10-2004-x64

3

WinSupport...pi.dll

windows7-x64

1

WinSupport...pi.dll

windows10-2004-x64

1

WinSupport...ub.exe

windows7-x64

1

WinSupport...ub.exe

windows10-2004-x64

1

LOCALES/MSAMRNBD.dll

windows7-x64

1

LOCALES/MSAMRNBD.dll

windows10-2004-x64

1

LOCALES/MSAMRNBE.dll

windows7-x64

1

LOCALES/MSAMRNBE.dll

windows10-2004-x64

1

LOCALES/MSAUDDEC.dll

windows7-x64

1

LOCALES/MSAUDDEC.dll

windows10-2004-x64

1

LOCALES/MSAUDITE.dll

windows7-x64

1

LOCALES/MSAUDITE.dll

windows10-2004-x64

1

LOCALES/PROTONVP.exe

windows7-x64

7

LOCALES/PROTONVP.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    100s
  • max time network
    132s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    24-08-2022 13:38

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    LOCALES/MSAMRNBE.dll

  • Size

    201KB

  • MD5

    312cc1a799f187bdd6872a44e94f51be

  • SHA1

    d9717ea3770959859bfd775f02fee7fbe1cf9214

  • SHA256

    f90cd8a5ab1200a8b9567fe183b91b2d0f5747d9895b4f1a2f2fdc24ee856d1f

  • SHA512

    b6fa6dfafe1bc6171b8fe1e2e0afbbc673bed52a7f101cfae634ae5bba912b6d288d736e2ef35032e4de917c0d10cb844b7767f45cf6fe10e22d6f6eda48f8f3

  • SSDEEP

    6144:Zratq0WGuUgMcPtHl6O5COtYzc7iJT9j:EtpWGgPTGc76j

Score
1/10

Malware Config

Signatures

  • Modifies registry class 13 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\LOCALES\MSAMRNBE.dll
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3128
    • C:\Windows\SysWOW64\regsvr32.exe
      /s C:\Users\Admin\AppData\Local\Temp\LOCALES\MSAMRNBE.dll
      2⤵
      • Modifies registry class
      PID:4112

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/4112-132-0x0000000000000000-mapping.dmp
    Download