f25862e2ae2bc1af4a3117c22317abac677b278645135013cdd43e47868d536b | Triage

Analysis

max time kernel
108s
max time network
112s
platform
windows10_x64
resource
win10v20201028
submitted
24-11-2020 15:20

Sharing

Report Analysis Logs

General

Target

nivude1.dll
Size

105KB
MD5

3ab20b297e3b7fd853b7544c5ad3f142
SHA1

37a2f9bdd672de1bfe7d55ac4b4c42ef9c63af83
SHA256

f25862e2ae2bc1af4a3117c22317abac677b278645135013cdd43e47868d536b
SHA512

0a32cae98c84f22739dce64e3200201acfd6799c5c289e92449014daa172a996a3186bdb8329d950ca271257abb23b36bb0b30ffabeb4c419b215e071ae1bef7

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

regsvr32.exe

description	pid	process	target process
PID 3988 wrote to memory of 864	3988	regsvr32.exe	regsvr32.exe
PID 3988 wrote to memory of 864	3988	regsvr32.exe	regsvr32.exe
PID 3988 wrote to memory of 864	3988	regsvr32.exe	regsvr32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\nivude1.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:3988

C:\Windows\SysWOW64\regsvr32.exe
/s C:\Users\Admin\AppData\Local\Temp\nivude1.dll
2⤵
PID:864

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/864-0-0x0000000000000000-mapping.dmp

Download