Analysis
max time kernel: 150s
max time network: 46s
platform: windows7_x64
resource: win7-20220812-en
resource tags: arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
submitted: 03/11/2022, 07:26
Static task: static1
Behavioral task: behavioral1
  Sample: 6214d4a5f33371c92a890cc71f527304cd603e2a07cbb45875e7c7f89ad133ac.dll
  Resource: win7-20220812-en
Behavioral task: behavioral2
  Sample: 6214d4a5f33371c92a890cc71f527304cd603e2a07cbb45875e7c7f89ad133ac.dll
  Resource: win10v2004-20220812-en
General
Target: 6214d4a5f33371c92a890cc71f527304cd603e2a07cbb45875e7c7f89ad133ac.dll
Size: 347KB
MD5: deebd4a8d78c22254c384d951b0be797
SHA1: 18b7566671cc0a58150ceb4ffbe3dcc2e6746b56
SHA256: 6214d4a5f33371c92a890cc71f527304cd603e2a07cbb45875e7c7f89ad133ac
SHA512: 05f7985caa8d86e1493b7a0b979746de917cb9098631b3566a94c37cde268116e4fecb32a27c7ffa8a970af75149be0083cdbbd34ebd481f6eb5896e6fb7e78f
SSDEEP: 6144:90kc/Pk5/zMNl5VcDQg2Vn9FJzh0hNy/KKfZytKjiQwWsjQo/eWP/qhX7fdIU:903/c/zMdANsn9Hzrrx3zsNmA/qN2U
Malware Config
Signatures
- Suspicious behavior: EnumeratesProcesses (64 IoCs)
  pid   Process
  1628  regsvr32.exe
  940   wermgr.exe   (the remaining 63 entries are all pid 940, wermgr.exe)
- Suspicious behavior: MapViewOfSection (1 IoC)
  pid   Process
  1628  regsvr32.exe
- Suspicious use of WriteProcessMemory (13 IoCs)
  description                       pid   Process       procid_target  entries
  PID 1480 wrote to memory of 1628  1480  regsvr32.exe  27             7
  PID 1628 wrote to memory of 940   1628  regsvr32.exe  28             6
Processes
1. C:\Windows\system32\regsvr32.exe
   command line: regsvr32 /s C:\Users\Admin\AppData\Local\Temp\6214d4a5f33371c92a890cc71f527304cd603e2a07cbb45875e7c7f89ad133ac.dll
   PID: 1480
   - Suspicious use of WriteProcessMemory
   2. C:\Windows\SysWOW64\regsvr32.exe
      command line: /s C:\Users\Admin\AppData\Local\Temp\6214d4a5f33371c92a890cc71f527304cd603e2a07cbb45875e7c7f89ad133ac.dll
      PID: 1628
      - Suspicious behavior: EnumeratesProcesses
      - Suspicious behavior: MapViewOfSection
      - Suspicious use of WriteProcessMemory
      3. C:\Windows\SysWOW64\wermgr.exe
         command line: C:\Windows\SysWOW64\wermgr.exe
         PID: 940
         - Suspicious behavior: EnumeratesProcesses