Analysis
-
max time kernel
144s -
max time network
185s -
platform
windows10-2004_x64 -
resource
win10v2004-20221111-en -
resource tags
arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system -
submitted
03-12-2022 02:48
Static task
static1
Behavioral task
behavioral1
Sample
f4a15d879615e86191c7ea698161194d3ab3af274ec9da00c39101916312d521.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
f4a15d879615e86191c7ea698161194d3ab3af274ec9da00c39101916312d521.exe
Resource
win10v2004-20221111-en
General
-
Target
f4a15d879615e86191c7ea698161194d3ab3af274ec9da00c39101916312d521.exe
-
Size
333KB
-
MD5
7efa9ecb85bff39d6f25170bf909a507
-
SHA1
831b023beb5279ee36773747cc279f8fbb5ffe6e
-
SHA256
f4a15d879615e86191c7ea698161194d3ab3af274ec9da00c39101916312d521
-
SHA512
eb9655c73e4e66927bd62e55a577137fe3dd9056fa30752ea02ea28c86dd88b4d99f1fdd522d155e9a5789243b3432a4765b5bb90e4d8648ba3194a495019213
-
SSDEEP
6144:meNndXiUhC8k3H2eNLT1Q8RwNYGGmsKBdp9gubr0l9B5c3poS5PHbhoy9KLsQpi:meNdXiskWenHzrmsKBdp9gubr0l9B5cl
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 3 IoCs
description pid Process procid_target PID 2876 wrote to memory of 912 2876 regsvr32.exe 82 PID 2876 wrote to memory of 912 2876 regsvr32.exe 82 PID 2876 wrote to memory of 912 2876 regsvr32.exe 82
Processes
-
C:\Windows\system32\regsvr32.exeregsvr32 /s C:\Users\Admin\AppData\Local\Temp\f4a15d879615e86191c7ea698161194d3ab3af274ec9da00c39101916312d521.exe1⤵
- Suspicious use of WriteProcessMemory
PID:2876 -
C:\Windows\SysWOW64\regsvr32.exe/s C:\Users\Admin\AppData\Local\Temp\f4a15d879615e86191c7ea698161194d3ab3af274ec9da00c39101916312d521.exe2⤵PID:912
-