4dc6bb4dbd780ab998eb173a40eb0825d3c242cf0b8543b7a358136054cee2e1

General

Target

triage_dropped_file.dll
Size

413KB
MD5

c2a1e70791dc555e464697542357d011
SHA1

bcc241383070f155c3754b93169b2e3353976381
SHA256

4dc6bb4dbd780ab998eb173a40eb0825d3c242cf0b8543b7a358136054cee2e1
SHA512

e6f50830d1c06cdbad5af7107a45ddcad3bca35d6b531c6b41ace0b54af82bdea6fdbe3232bfde70c97db4c468e229eaeea4cebf9087998326b3bf3b817bf5ef

Score

10^/10

Malware Config

Signatures

Suspicious use of NtCreateUserProcessOtherParentProcess 1 IoCs

Processes:

regsvr32.exe

description pid process target process

PID 3904 created 388 3904 regsvr32.exe Explorer.EXE
Suspicious use of SetThreadContext 1 IoCs

Processes:

regsvr32.exe

description pid process target process

PID 3904 set thread context of 4004 3904 regsvr32.exe chrome.exe
Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

regsvr32.exe

pid process

3904 regsvr32.exe
3904 regsvr32.exe

description	pid	process	target process
PID 3904 created 388	3904	regsvr32.exe	Explorer.EXE

description	pid	process	target process
PID 3904 set thread context of 4004	3904	regsvr32.exe	chrome.exe

pid	process
3904	regsvr32.exe
3904	regsvr32.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

regsvr32.exe

description	pid	process	target process
PID 3904 wrote to memory of 4004	3904	regsvr32.exe	chrome.exe
PID 3904 wrote to memory of 4004	3904	regsvr32.exe	chrome.exe
PID 3904 wrote to memory of 4004	3904	regsvr32.exe	chrome.exe
PID 3904 wrote to memory of 4004	3904	regsvr32.exe	chrome.exe
PID 3904 wrote to memory of 4004	3904	regsvr32.exe	chrome.exe
PID 3904 wrote to memory of 4004	3904	regsvr32.exe	chrome.exe
PID 3904 wrote to memory of 4004	3904	regsvr32.exe	chrome.exe
PID 3904 wrote to memory of 4004	3904	regsvr32.exe	chrome.exe
PID 3904 wrote to memory of 4004	3904	regsvr32.exe	chrome.exe
PID 3904 wrote to memory of 4004	3904	regsvr32.exe	chrome.exe
PID 3904 wrote to memory of 4004	3904	regsvr32.exe	chrome.exe
PID 3904 wrote to memory of 4004	3904	regsvr32.exe	chrome.exe
PID 3904 wrote to memory of 4004	3904	regsvr32.exe	chrome.exe
PID 3904 wrote to memory of 4004	3904	regsvr32.exe	chrome.exe
PID 3904 wrote to memory of 4004	3904	regsvr32.exe	chrome.exe
PID 3904 wrote to memory of 4004	3904	regsvr32.exe	chrome.exe
PID 3904 wrote to memory of 4004	3904	regsvr32.exe	chrome.exe
PID 3904 wrote to memory of 4004	3904	regsvr32.exe	chrome.exe
PID 3904 wrote to memory of 4004	3904	regsvr32.exe	chrome.exe
PID 3904 wrote to memory of 4004	3904	regsvr32.exe	chrome.exe
PID 3904 wrote to memory of 4004	3904	regsvr32.exe	chrome.exe
PID 3904 wrote to memory of 4004	3904	regsvr32.exe	chrome.exe
PID 3904 wrote to memory of 4004	3904	regsvr32.exe	chrome.exe
PID 3904 wrote to memory of 4004	3904	regsvr32.exe	chrome.exe
PID 3904 wrote to memory of 4004	3904	regsvr32.exe	chrome.exe
PID 3904 wrote to memory of 4004	3904	regsvr32.exe	chrome.exe
PID 3904 wrote to memory of 4004	3904	regsvr32.exe	chrome.exe
PID 3904 wrote to memory of 4004	3904	regsvr32.exe	chrome.exe
PID 3904 wrote to memory of 4004	3904	regsvr32.exe	chrome.exe
PID 3904 wrote to memory of 4004	3904	regsvr32.exe	chrome.exe
PID 3904 wrote to memory of 4004	3904	regsvr32.exe	chrome.exe
PID 3904 wrote to memory of 4004	3904	regsvr32.exe	chrome.exe
PID 3904 wrote to memory of 4004	3904	regsvr32.exe	chrome.exe
PID 3904 wrote to memory of 4004	3904	regsvr32.exe	chrome.exe
PID 3904 wrote to memory of 4004	3904	regsvr32.exe	chrome.exe
PID 3904 wrote to memory of 4004	3904	regsvr32.exe	chrome.exe
PID 3904 wrote to memory of 4004	3904	regsvr32.exe	chrome.exe
PID 3904 wrote to memory of 4004	3904	regsvr32.exe	chrome.exe
PID 3904 wrote to memory of 4004	3904	regsvr32.exe	chrome.exe
PID 3904 wrote to memory of 4004	3904	regsvr32.exe	chrome.exe
PID 3904 wrote to memory of 4004	3904	regsvr32.exe	chrome.exe
PID 3904 wrote to memory of 4004	3904	regsvr32.exe	chrome.exe
PID 3904 wrote to memory of 4004	3904	regsvr32.exe	chrome.exe
PID 3904 wrote to memory of 4004	3904	regsvr32.exe	chrome.exe
PID 3904 wrote to memory of 4004	3904	regsvr32.exe	chrome.exe
PID 3904 wrote to memory of 4004	3904	regsvr32.exe	chrome.exe
PID 3904 wrote to memory of 4004	3904	regsvr32.exe	chrome.exe
PID 3904 wrote to memory of 4004	3904	regsvr32.exe	chrome.exe
PID 3904 wrote to memory of 4004	3904	regsvr32.exe	chrome.exe
PID 3904 wrote to memory of 4004	3904	regsvr32.exe	chrome.exe
PID 3904 wrote to memory of 4004	3904	regsvr32.exe	chrome.exe
PID 3904 wrote to memory of 4004	3904	regsvr32.exe	chrome.exe
PID 3904 wrote to memory of 4004	3904	regsvr32.exe	chrome.exe
PID 3904 wrote to memory of 4004	3904	regsvr32.exe	chrome.exe
PID 3904 wrote to memory of 4004	3904	regsvr32.exe	chrome.exe
PID 3904 wrote to memory of 4004	3904	regsvr32.exe	chrome.exe
PID 3904 wrote to memory of 4004	3904	regsvr32.exe	chrome.exe
PID 3904 wrote to memory of 4004	3904	regsvr32.exe	chrome.exe
PID 3904 wrote to memory of 4004	3904	regsvr32.exe	chrome.exe
PID 3904 wrote to memory of 4004	3904	regsvr32.exe	chrome.exe
PID 3904 wrote to memory of 4004	3904	regsvr32.exe	chrome.exe
PID 3904 wrote to memory of 4004	3904	regsvr32.exe	chrome.exe
PID 3904 wrote to memory of 4004	3904	regsvr32.exe	chrome.exe
PID 3904 wrote to memory of 4004	3904	regsvr32.exe	chrome.exe

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
PID:388

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\triage_dropped_file.dll
2⤵
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:3904

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
2⤵
PID:4004

C:\Windows\system32\regsvr32.exe
regsvr32 /s "C:\Users\Admin\AppData\Local\Temp\triage_dropped_file.dll"
1⤵
PID:1324

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1324-118-0x00000000012E0000-0x000000000131E000-memory.dmp

Filesize
248KB

Download
memory/3904-114-0x0000000000AD0000-0x0000000000B0E000-memory.dmp

Filesize
248KB

Download
memory/4004-115-0x00007FF6DA280000-0x00007FF6DA4C5000-memory.dmp

Filesize
2.3MB

Download
memory/4004-116-0x00007FF6DA4977D8-mapping.dmp

Download
memory/4004-117-0x00007FF6DA280000-0x00007FF6DA4C5000-memory.dmp

Filesize
2.3MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads