Analysis

  • max time kernel
    150s
  • max time network
    155s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    25-11-2022 10:23

General

  • Target

    0982c786a7269b1874b2dca685c35692fa25a1dbbdb53e8d7feaac024e6bc495.dll

  • Size

    1.1MB

  • MD5

    ae25b6084ddc8642e282a503e4682068

  • SHA1

    69a8f8188f697c0b6fce007a3ddaab148c012d60

  • SHA256

    0982c786a7269b1874b2dca685c35692fa25a1dbbdb53e8d7feaac024e6bc495

  • SHA512

    dd47423fd15d17f581bfb86f04c97f970d935855f21d6e43a3dbf462e79529c95f820610b71366dde1db2dab6d3edc13bd943c8d9b06b32684f0395d14a528d7

  • SSDEEP

    24576:CmMQMmZcMsBhiwHOfWrepFTERtXp4OOy6dmaQVVONX9R:CmMF1X9OfmepFIpsy+f

Score
6/10

Malware Config

Signatures

  • Accesses Microsoft Outlook profiles 1 TTPs 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs
  • outlook_win_path 1 IoCs

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\0982c786a7269b1874b2dca685c35692fa25a1dbbdb53e8d7feaac024e6bc495.dll
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:840
    • C:\Windows\SysWOW64\regsvr32.exe
      /s C:\Users\Admin\AppData\Local\Temp\0982c786a7269b1874b2dca685c35692fa25a1dbbdb53e8d7feaac024e6bc495.dll
      2⤵
      • Accesses Microsoft Outlook profiles
      • outlook_win_path
      PID:2612

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2612-132-0x0000000000000000-mapping.dmp

  • memory/2612-133-0x0000000002190000-0x00000000022B7000-memory.dmp

    Filesize

    1.2MB