Overview

overview

1

Static

static

test2.dll

windows7-x64

1

test2.dll

windows10-2004-x64

1

Resubmissions

27-10-2022 16:06

221027-tj656acfg7 10

25-08-2022 16:02

220825-tg4bgsgbe7 1

Analysis

  • max time kernel
    142s
  • max time network
    155s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    25-08-2022 16:02

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    test2.dll

  • Size

    417KB

  • MD5

    bea60bab50d47f239132890a343ae84c

  • SHA1

    370ebd02e9284576d28ed8a114b767a2bd0d14fd

  • SHA256

    74b57e264dd84cbb7c4e1a7eb8a8dbdb932f01ac34e48e2e6d41ab82f05c682f

  • SHA512

    6b67946fa066139caafc6bac1bbdcf8c0e2d067194dca06cf93a54f6d6ad3f2620e1f27adf06e510f5dbeda0660576a3914164b1213a441da27af36267ed082a

  • SSDEEP

    6144:BkakVZKK4DiSqU2fEIj45A1Wkn6KLm1fEdkAdpqAeOhU1PQZukC3j+CH0sAW:XkXUCLcIj4S15RSJEdBdpYKUtQZu5zb

Score
1/10

Malware Config

Signatures

  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\test2.dll
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2044
    • C:\Windows\system32\cmd.exe
      cmd /c "echo Commands" >> C:\Users\Admin\AppData\Local\Temp\634.tmp
      2⤵
        PID:952
      • C:\Windows\system32\cmd.exe
        cmd /c "dir" >> C:\Users\Admin\AppData\Local\Temp\634.tmp
        2⤵
          PID:1596

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Users\Admin\AppData\Local\Temp\634.tmp
        Filesize

        11B

        MD5

        a67f2061c697fd95f6b28d89b953a51f

        SHA1

        6730b864104f0840fcebf04383d2e3ef7c324a48

        SHA256

        d4bdd82a900fea52cbd442ce8cae201982392d3533d765bfceb7682bc2d16a79

        SHA512

        d9cc7c1593967dbcaf358bc9d394426d97baa7bb6ddeed1767b638c85aa814276eaa3609588b720cab3b2a0b3e36d1d3833dab3e75c9c1a92b8315db61a64cbe

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\634.tmp
        Filesize

        3KB

        MD5

        4b7ffa1d5b19f14224991d0900de0674

        SHA1

        79876b2333b0790ba8375786b02fb4e67ed5a541

        SHA256

        47ef41c4ee910e3e1b6695b3c2e499e2bcbbd0a46769d3c87f248ba4755310a5

        SHA512

        2d2286f1f8110c580cf0c8b8bac2283dc627ff7914610172900afe71777b4d7f53ceae8ee13224837b9856627ae5d9d219091f0827b5c317a2e0d450fe431010

        Download Submit

      • memory/2044-54-0x000007FEFC251000-0x000007FEFC253000-memory.dmp

        Filesize

        8KB

        Download

      • memory/2044-55-0x0000000180000000-0x0000000180013000-memory.dmp

        Filesize

        76KB

        Download