Analysis
-
max time kernel
42s -
max time network
46s -
platform
windows7_x64 -
resource
win7-20220812-en -
resource tags
-
submitted
29-11-2022 05:32
General
-
Target
8fdea66452c8038e45e6e80c8460862c9100a31d4d3aec7b70c52f51126d804c.dll
-
Size
144KB
-
MD5
53bf35ac1b476d6c13b5bfdbadb46213
-
SHA1
5cd3492fe5447bea357c360ecf12a5521867f547
-
SHA256
8fdea66452c8038e45e6e80c8460862c9100a31d4d3aec7b70c52f51126d804c
-
SHA512
aef7fddbd5874c76f5fccf35545599d3e1ff5d5e8d7ab94b1f15f85f919fe6563392d58c23deb55d1720fa201a872b2a960ef287b9d412f049df7a55f7b75b1f
-
SSDEEP
1536:4LsDsXdkGh3sEKGX2zjCsFcdikkV/+tVhle/9XkzDaCpfOAdbpIEBUH5elZ7nqDR:VDEdks3sEfVikbL7VvUHs7n/5etPT
Score
6/10
Malware Config
Signatures
-
Installs/modifies Browser Helper Object 2 TTPs 2 IoCs
BHOs are DLL modules which act as plugins for Internet Explorer.
-
Modifies registry class 5 IoCs
-
Suspicious use of WriteProcessMemory 7 IoCs
Processes
-
C:\Windows\system32\regsvr32.exeregsvr32 /s C:\Users\Admin\AppData\Local\Temp\8fdea66452c8038e45e6e80c8460862c9100a31d4d3aec7b70c52f51126d804c.dll1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\regsvr32.exe/s C:\Users\Admin\AppData\Local\Temp\8fdea66452c8038e45e6e80c8460862c9100a31d4d3aec7b70c52f51126d804c.dll2⤵
- Installs/modifies Browser Helper Object
- Modifies registry class
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/1480-54-0x000007FEFB991000-0x000007FEFB993000-memory.dmpFilesize
8KB
-
memory/1628-55-0x0000000000000000-mapping.dmp
-
memory/1628-56-0x0000000076201000-0x0000000076203000-memory.dmpFilesize
8KB