e4c84c38ae6e57c391c76581d89c03ece9eb1769153ceaacba1cd503b75eb001 | Triage

Analysis

max time kernel
42s
max time network
47s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
19/10/2022, 21:41

Sharing

Report Analysis Logs

General

Target

Edor1.dll
Size

1.2MB
MD5

f65ecb9da48637f98a9b58490b2b8936
SHA1

4b60a68ef86997da124861c00cdeae58e778d30d
SHA256

e4c84c38ae6e57c391c76581d89c03ece9eb1769153ceaacba1cd503b75eb001
SHA512

e7eeec039127357b5aac72ac61ee3916b1f47c46aa661ae1f7ccbdf69eee9b7e31b73ed5525b70c066c02ee60594c2175cf0d2f755cf6ee5e5aaa861b4357482
SSDEEP

24576:uAqI6kQEv489a/ziBJ3o+9MnAb/Cxh97De3exDmHwvIUvI0Tt6TwkTh:u5IPC+jYaMArCxh97IexDmQvI/wt6TwO

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 560 wrote to memory of 1224	560	regsvr32.exe	28
PID 560 wrote to memory of 1224	560	regsvr32.exe	28
PID 560 wrote to memory of 1224	560	regsvr32.exe	28
PID 560 wrote to memory of 1224	560	regsvr32.exe	28
PID 560 wrote to memory of 1224	560	regsvr32.exe	28
PID 560 wrote to memory of 1224	560	regsvr32.exe	28
PID 560 wrote to memory of 1224	560	regsvr32.exe	28

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\Edor1.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:560
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\Edor1.dll
  2⤵
  PID:1224

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/560-54-0x000007FEFBB81000-0x000007FEFBB83000-memory.dmp

Filesize
8KB

Download
memory/1224-56-0x0000000076041000-0x0000000076043000-memory.dmp

Filesize
8KB

Download
memory/1224-57-0x000000006BAC0000-0x000000006BB0D000-memory.dmp

Filesize
308KB

Download
memory/1224-58-0x000000006BAC0000-0x000000006BB0D000-memory.dmp

Filesize
308KB

Download