Analysis
- max time kernel: 36s
- max time network: 42s
- platform: windows7_x64
- resource: win7-20220812-en
- resource tags: arch:x64 arch:x86 image:win7-20220812-en locale:en-us os:windows7-x64 system
- submitted: 04-12-2022 17:53
Static task: static1
Behavioral task: behavioral1
- Sample: c3025ef250d5eb715c064b34f2c5b175007ff3adb5e3536a22987ff68a257f3a.dll
- Resource: win7-20220812-en
Behavioral task: behavioral2
- Sample: c3025ef250d5eb715c064b34f2c5b175007ff3adb5e3536a22987ff68a257f3a.dll
- Resource: win10v2004-20220812-en
General
- Target: c3025ef250d5eb715c064b34f2c5b175007ff3adb5e3536a22987ff68a257f3a.dll
- Size: 128KB
- MD5: 898b862859338e3293bc108530313a8f
- SHA1: 1766aeb977be850518aaff023624fba50e63a5ac
- SHA256: c3025ef250d5eb715c064b34f2c5b175007ff3adb5e3536a22987ff68a257f3a
- SHA512: 45920e72d88d15b20d92468fde273502f995df33941b32fa83e621c53634219c51e92b53b4006f926ac019caf5fb59e131b6bcfffa49c036769743793604a388
- SSDEEP: 1536:AUgJ+bbg2rWyvmULwsQqdnITBNQIZnCLzs1A6:AyrWyv7wc8iItCLzs1H
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (7 IoCs)
Processes:
description | pid | process | target process
PID 2000 wrote to memory of 1984 | 2000 | regsvr32.exe | regsvr32.exe
PID 2000 wrote to memory of 1984 | 2000 | regsvr32.exe | regsvr32.exe
PID 2000 wrote to memory of 1984 | 2000 | regsvr32.exe | regsvr32.exe
PID 2000 wrote to memory of 1984 | 2000 | regsvr32.exe | regsvr32.exe
PID 2000 wrote to memory of 1984 | 2000 | regsvr32.exe | regsvr32.exe
PID 2000 wrote to memory of 1984 | 2000 | regsvr32.exe | regsvr32.exe
PID 2000 wrote to memory of 1984 | 2000 | regsvr32.exe | regsvr32.exe
Processes
1. C:\Windows\system32\regsvr32.exe
   Command line: regsvr32 /s C:\Users\Admin\AppData\Local\Temp\c3025ef250d5eb715c064b34f2c5b175007ff3adb5e3536a22987ff68a257f3a.dll
   - Suspicious use of WriteProcessMemory
2. C:\Windows\SysWOW64\regsvr32.exe
   Command line: /s C:\Users\Admin\AppData\Local\Temp\c3025ef250d5eb715c064b34f2c5b175007ff3adb5e3536a22987ff68a257f3a.dll