Analysis
- max time kernel: 114s
- max time network: 125s
- platform: windows10_x64
- resource: win10-en-20211014
- submitted: 16-11-2021 21:58
Behavioral task
behavioral1
Sample
3ce9df2272bb98916f215be5a0943ed0fc06f72eca3bed2385aacc7c1b4c6071.dll
Resource
win7-en-20211014
windows7_x64
0 signatures
0 seconds
Behavioral task
behavioral2
Sample
3ce9df2272bb98916f215be5a0943ed0fc06f72eca3bed2385aacc7c1b4c6071.dll
Resource
win10-en-20211014
windows10_x64
0 signatures
0 seconds
General
- Target: 3ce9df2272bb98916f215be5a0943ed0fc06f72eca3bed2385aacc7c1b4c6071.dll
- Size: 42KB
- MD5: f064bbc17ecabfe4d5122c24f64d1459
- SHA1: 554e022ea2b52a679da260cf3fd799e90b4fed9e
- SHA256: 3ce9df2272bb98916f215be5a0943ed0fc06f72eca3bed2385aacc7c1b4c6071
- SHA512: 73585fac40c4b2046e7612348a3f3e8a78017b069cb05893135f8619394f219efa048d9b07590598207cfa3a9c8cabc53760cb794349d458216a444e80eb817b
Score
1/10
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes:
regsvr32.exe
description | pid | process | target process
PID 2640 wrote to memory of 2688 | 2640 | regsvr32.exe | regsvr32.exe
PID 2640 wrote to memory of 2688 | 2640 | regsvr32.exe | regsvr32.exe
PID 2640 wrote to memory of 2688 | 2640 | regsvr32.exe | regsvr32.exe
Processes
-
C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\3ce9df2272bb98916f215be5a0943ed0fc06f72eca3bed2385aacc7c1b4c6071.dll
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\regsvr32.exe
/s C:\Users\Admin\AppData\Local\Temp\3ce9df2272bb98916f215be5a0943ed0fc06f72eca3bed2385aacc7c1b4c6071.dll
Network
MITRE ATT&CK Matrix
Downloads
-
memory/2688-115-0x0000000000000000-mapping.dmp