Analysis
- max time kernel: 147s
- max time network: 153s
- platform: windows10_x64
- resource: win10-en-20211104
- submitted: 13-11-2021 17:35
Static task
static1
Behavioral task
behavioral1
Sample
12f58b6560f5887c53b8e8e81dff635b11d98af9bd13e5c9472be685bba0134f.dll
Resource
win7-en-20211014
windows7_x64
0 signatures
0 seconds
Behavioral task
behavioral2
Sample
12f58b6560f5887c53b8e8e81dff635b11d98af9bd13e5c9472be685bba0134f.dll
Resource
win10-en-20211104
windows10_x64
0 signatures
0 seconds
General
- Target: 12f58b6560f5887c53b8e8e81dff635b11d98af9bd13e5c9472be685bba0134f.dll
- Size: 64KB
- MD5: 85f4e6edb549d135f20cbb9ee12f5e9f
- SHA1: bbe2ae57c81fa9955f8c8fa351f056cfc14a50c2
- SHA256: 12f58b6560f5887c53b8e8e81dff635b11d98af9bd13e5c9472be685bba0134f
- SHA512: 16d21c5cccbf65aabf9c0ac0ee253d3218694dfa0196ab4b10afb55ecd9e1f4059ec2053aa033187aab2d623ba1ad4e3e90b60738289d646f265dfbb44ce4cf0
Score
1/10
Malware Config
Signatures
- Suspicious use of WriteProcessMemory 3 IoCs
  description | pid | Process | procid_target
  PID 3660 wrote to memory of 3568 | 3660 | regsvr32.exe | 69
  PID 3660 wrote to memory of 3568 | 3660 | regsvr32.exe | 69
  PID 3660 wrote to memory of 3568 | 3660 | regsvr32.exe | 69
Processes
- C:\Windows\system32\regsvr32.exe
  regsvr32 /s C:\Users\Admin\AppData\Local\Temp\12f58b6560f5887c53b8e8e81dff635b11d98af9bd13e5c9472be685bba0134f.dll
  - Suspicious use of WriteProcessMemory
  PID:3660
  - C:\Windows\SysWOW64\regsvr32.exe
    /s C:\Users\Admin\AppData\Local\Temp\12f58b6560f5887c53b8e8e81dff635b11d98af9bd13e5c9472be685bba0134f.dll
    PID:3568