Analysis
max time kernel: 45s
max time network: 50s
platform: windows7_x64
resource: win7-20220901-en
resource tags: arch:x64, arch:x86, image:win7-20220901-en, locale:en-us, os:windows7-x64, system
submitted: 03-12-2022 05:58
Static task: static1
Behavioral task: behavioral1
  Sample: bfa7197067ba7f41927cf8e03b8f7fe9481c704f51e97b8f89c7ec34edac5f25.dll
  Resource: win7-20220901-en
Behavioral task: behavioral2
  Sample: bfa7197067ba7f41927cf8e03b8f7fe9481c704f51e97b8f89c7ec34edac5f25.dll
  Resource: win10v2004-20220812-en
General
Target: bfa7197067ba7f41927cf8e03b8f7fe9481c704f51e97b8f89c7ec34edac5f25.dll
Size: 588KB
MD5: 5825df2bc8df23f91d5f10c07743b720
SHA1: 4622f155fff03dec35aff67e97024776555853b7
SHA256: bfa7197067ba7f41927cf8e03b8f7fe9481c704f51e97b8f89c7ec34edac5f25
SHA512: 3b3e79537c09b6b0f77419f2662f33e943706db40b8364f0ed82b9274edff9ef8fbdee4eceabb1e90cb15be70487989cda7a576bf446c755b062c4a9a8759ffe
SSDEEP: 768:28Ks4+8yaAYi20XZ9hAVFVqtKIZ+2fJcwqVETAz4HMBbsjjRGPZMoL0+V:8sMi2iG/DIZ+nVETAzFs1foP
Malware Config
Signatures
Suspicious use of WriteProcessMemory (7 IoCs)
description                          pid   Process       procid_target
PID 1464 wrote to memory of 1528    1464  regsvr32.exe  26
PID 1464 wrote to memory of 1528    1464  regsvr32.exe  26
PID 1464 wrote to memory of 1528    1464  regsvr32.exe  26
PID 1464 wrote to memory of 1528    1464  regsvr32.exe  26
PID 1464 wrote to memory of 1528    1464  regsvr32.exe  26
PID 1464 wrote to memory of 1528    1464  regsvr32.exe  26
PID 1464 wrote to memory of 1528    1464  regsvr32.exe  26
Processes
1. C:\Windows\system32\regsvr32.exe
   Command line: regsvr32 /s C:\Users\Admin\AppData\Local\Temp\bfa7197067ba7f41927cf8e03b8f7fe9481c704f51e97b8f89c7ec34edac5f25.dll
   PID: 1464
   Signatures: Suspicious use of WriteProcessMemory
   2. C:\Windows\SysWOW64\regsvr32.exe (child of PID 1464)
      Command line: /s C:\Users\Admin\AppData\Local\Temp\bfa7197067ba7f41927cf8e03b8f7fe9481c704f51e97b8f89c7ec34edac5f25.dll
      PID: 1528