Overview

overview

1

Static

static

3e1e4648b9...99.dll

windows7-x64

1

3e1e4648b9...99.dll

windows10-2004-x64

1

Analysis

  • max time kernel
    30s
  • max time network
    47s
  • platform
    windows7_x64
  • resource
    win7-20221111-en
  • resource tags

    arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
  • submitted
    02-12-2022 18:46

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    3e1e4648b9acd4d62c3dcd1fb16e5fff49446ee1e85897265c32021f52203c99.dll

  • Size

    107KB

  • MD5

    bb213a7c97cc9dd8b8b32f809b7faafd

  • SHA1

    f463e4535c1f8aede5785fea858d8e72113388f8

  • SHA256

    3e1e4648b9acd4d62c3dcd1fb16e5fff49446ee1e85897265c32021f52203c99

  • SHA512

    bd69aeaf4d2fda8fe5e178b12751842f5235aa1a96af9b1383a9af6348bc86844d4f227159f9a2a2c755ee0668e460bfd8c3faba3edecf4ea13d8cb30bdd34fd

  • SSDEEP

    1536:TY9nhGOYJQUh//m2AAx3kIsash96ckEfisc2TkUytgk4METYMNGl1E4/6QF7Uqxc:TYzfasPd3JTkUYgFTH5w6QRU0LY0K

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:1376
      • C:\Windows\system32\regsvr32.exe
        regsvr32 /s C:\Users\Admin\AppData\Local\Temp\3e1e4648b9acd4d62c3dcd1fb16e5fff49446ee1e85897265c32021f52203c99.dll
        2⤵
        • Suspicious use of WriteProcessMemory
        PID:944
        • C:\Windows\SysWOW64\regsvr32.exe
          /s C:\Users\Admin\AppData\Local\Temp\3e1e4648b9acd4d62c3dcd1fb16e5fff49446ee1e85897265c32021f52203c99.dll
          3⤵
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:1788

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/944-54-0x000007FEFC4E1000-0x000007FEFC4E3000-memory.dmp

      Filesize

      8KB

      Download

    • memory/1788-55-0x0000000000000000-mapping.dmp

      Download

    • memory/1788-56-0x0000000076411000-0x0000000076413000-memory.dmp

      Filesize

      8KB

      Download

    • memory/1788-57-0x0000000000510000-0x0000000000531000-memory.dmp

      Filesize

      132KB

      Download