6b900fd32cd93640009811c428a6566e4aa80c655681a01d036db2ba19143087

General

Target

nete1.dll
Size

413KB
MD5

3308b6fe23c58b0fd2d87d54d08de826
SHA1

fd8422b9130e571177e319d63d4c17b325dce0d4
SHA256

6b900fd32cd93640009811c428a6566e4aa80c655681a01d036db2ba19143087
SHA512

ae210a01145b377555af8ae2922a7174a37d0746427cb81009442324b41333d815eff960335765af587f300d53cfcd9196d16dbaf227f5e1d943959e8768aa8b

Score

10^/10

Malware Config

Signatures

Suspicious use of NtCreateUserProcessOtherParentProcess 1 IoCs

Processes:

regsvr32.exe

description pid process target process

PID 636 created 3052 636 regsvr32.exe Explorer.EXE
Suspicious use of SetThreadContext 1 IoCs

Processes:

regsvr32.exe

description pid process target process

PID 636 set thread context of 944 636 regsvr32.exe chrome.exe
Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

regsvr32.exe

pid process

636 regsvr32.exe
636 regsvr32.exe

description	pid	process	target process
PID 636 created 3052	636	regsvr32.exe	Explorer.EXE

description	pid	process	target process
PID 636 set thread context of 944	636	regsvr32.exe	chrome.exe

pid	process
636	regsvr32.exe
636	regsvr32.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

regsvr32.exe

description	pid	process	target process
PID 636 wrote to memory of 944	636	regsvr32.exe	chrome.exe
PID 636 wrote to memory of 944	636	regsvr32.exe	chrome.exe
PID 636 wrote to memory of 944	636	regsvr32.exe	chrome.exe
PID 636 wrote to memory of 944	636	regsvr32.exe	chrome.exe
PID 636 wrote to memory of 944	636	regsvr32.exe	chrome.exe
PID 636 wrote to memory of 944	636	regsvr32.exe	chrome.exe
PID 636 wrote to memory of 944	636	regsvr32.exe	chrome.exe
PID 636 wrote to memory of 944	636	regsvr32.exe	chrome.exe
PID 636 wrote to memory of 944	636	regsvr32.exe	chrome.exe
PID 636 wrote to memory of 944	636	regsvr32.exe	chrome.exe
PID 636 wrote to memory of 944	636	regsvr32.exe	chrome.exe
PID 636 wrote to memory of 944	636	regsvr32.exe	chrome.exe
PID 636 wrote to memory of 944	636	regsvr32.exe	chrome.exe
PID 636 wrote to memory of 944	636	regsvr32.exe	chrome.exe
PID 636 wrote to memory of 944	636	regsvr32.exe	chrome.exe
PID 636 wrote to memory of 944	636	regsvr32.exe	chrome.exe
PID 636 wrote to memory of 944	636	regsvr32.exe	chrome.exe
PID 636 wrote to memory of 944	636	regsvr32.exe	chrome.exe
PID 636 wrote to memory of 944	636	regsvr32.exe	chrome.exe
PID 636 wrote to memory of 944	636	regsvr32.exe	chrome.exe
PID 636 wrote to memory of 944	636	regsvr32.exe	chrome.exe
PID 636 wrote to memory of 944	636	regsvr32.exe	chrome.exe
PID 636 wrote to memory of 944	636	regsvr32.exe	chrome.exe
PID 636 wrote to memory of 944	636	regsvr32.exe	chrome.exe
PID 636 wrote to memory of 944	636	regsvr32.exe	chrome.exe
PID 636 wrote to memory of 944	636	regsvr32.exe	chrome.exe
PID 636 wrote to memory of 944	636	regsvr32.exe	chrome.exe
PID 636 wrote to memory of 944	636	regsvr32.exe	chrome.exe
PID 636 wrote to memory of 944	636	regsvr32.exe	chrome.exe
PID 636 wrote to memory of 944	636	regsvr32.exe	chrome.exe
PID 636 wrote to memory of 944	636	regsvr32.exe	chrome.exe
PID 636 wrote to memory of 944	636	regsvr32.exe	chrome.exe
PID 636 wrote to memory of 944	636	regsvr32.exe	chrome.exe
PID 636 wrote to memory of 944	636	regsvr32.exe	chrome.exe
PID 636 wrote to memory of 944	636	regsvr32.exe	chrome.exe
PID 636 wrote to memory of 944	636	regsvr32.exe	chrome.exe
PID 636 wrote to memory of 944	636	regsvr32.exe	chrome.exe
PID 636 wrote to memory of 944	636	regsvr32.exe	chrome.exe
PID 636 wrote to memory of 944	636	regsvr32.exe	chrome.exe
PID 636 wrote to memory of 944	636	regsvr32.exe	chrome.exe
PID 636 wrote to memory of 944	636	regsvr32.exe	chrome.exe
PID 636 wrote to memory of 944	636	regsvr32.exe	chrome.exe
PID 636 wrote to memory of 944	636	regsvr32.exe	chrome.exe
PID 636 wrote to memory of 944	636	regsvr32.exe	chrome.exe
PID 636 wrote to memory of 944	636	regsvr32.exe	chrome.exe
PID 636 wrote to memory of 944	636	regsvr32.exe	chrome.exe
PID 636 wrote to memory of 944	636	regsvr32.exe	chrome.exe
PID 636 wrote to memory of 944	636	regsvr32.exe	chrome.exe
PID 636 wrote to memory of 944	636	regsvr32.exe	chrome.exe
PID 636 wrote to memory of 944	636	regsvr32.exe	chrome.exe
PID 636 wrote to memory of 944	636	regsvr32.exe	chrome.exe
PID 636 wrote to memory of 944	636	regsvr32.exe	chrome.exe
PID 636 wrote to memory of 944	636	regsvr32.exe	chrome.exe
PID 636 wrote to memory of 944	636	regsvr32.exe	chrome.exe
PID 636 wrote to memory of 944	636	regsvr32.exe	chrome.exe
PID 636 wrote to memory of 944	636	regsvr32.exe	chrome.exe
PID 636 wrote to memory of 944	636	regsvr32.exe	chrome.exe
PID 636 wrote to memory of 944	636	regsvr32.exe	chrome.exe
PID 636 wrote to memory of 944	636	regsvr32.exe	chrome.exe
PID 636 wrote to memory of 944	636	regsvr32.exe	chrome.exe
PID 636 wrote to memory of 944	636	regsvr32.exe	chrome.exe
PID 636 wrote to memory of 944	636	regsvr32.exe	chrome.exe
PID 636 wrote to memory of 944	636	regsvr32.exe	chrome.exe
PID 636 wrote to memory of 944	636	regsvr32.exe	chrome.exe

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
PID:3052

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\nete1.dll
2⤵
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:636

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
2⤵
PID:944

C:\Windows\system32\regsvr32.exe
regsvr32 /s "C:\Users\Admin\AppData\Local\Temp\nete1.dll"
1⤵
PID:3612

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/636-114-0x0000000000EF0000-0x0000000000F2E000-memory.dmp

Filesize
248KB

Download
memory/944-115-0x00007FF61B810000-0x00007FF61BA55000-memory.dmp

Filesize
2.3MB

Download
memory/944-116-0x00007FF61BA277D8-mapping.dmp

Download
memory/944-117-0x00007FF61B810000-0x00007FF61BA55000-memory.dmp

Filesize
2.3MB

Download
memory/3612-118-0x0000000002890000-0x00000000028CE000-memory.dmp

Filesize
248KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads