Overview

overview

8

Static

static

Political ...oc.lnk

windows7-x64

8

Political ...oc.lnk

windows10-2004-x64

8

_/___/_/__...32.dll

windows7-x64

1

_/___/_/__...32.dll

windows10-2004-x64

1

_/___/_/__...11.exe

windows7-x64

8

_/___/_/__...11.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    170s
  • max time network
    174s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    04-11-2022 18:37

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    _/___/_/___/______/_____/__/ClassicExplorer32.dll

  • Size

    112KB

  • MD5

    6d6a0ca7c7343eedfffeb697229a4929

  • SHA1

    b8bc6878030e51c6726b8536473e396e75969462

  • SHA256

    8e27900949a087349488d82e7434937bd253d31749041bb0233000a7339fc3e1

  • SHA512

    40e9f5839637096de31b7a342fd8ef4c111725b65202ca8a5ab0d61f562d5c36dac2b347b82bb242cf56d8453b7c077043308652fd8e2e829370e6874f6793c4

  • SSDEEP

    3072:9xcDum8qFNKZ602pFSjhLZiGcxmpJ8yLRuMRN55OyL6mg:XrmbpFQ0Gcx0JnPMi6mg

Score
1/10

Malware Config

Signatures

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\_\___\_\___\______\_____\__\ClassicExplorer32.dll
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3216
    • C:\Windows\SysWOW64\regsvr32.exe
      /s C:\Users\Admin\AppData\Local\Temp\_\___\_\___\______\_____\__\ClassicExplorer32.dll
      2⤵
        PID:2552

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/2552-132-0x0000000000000000-mapping.dmp

      Download