4f0066b3a94a37a1bb9f13d4ad953b45b761635c0dac4418a8524deffa4c2bc0 | Triage

Analysis

max time kernel
121s
max time network
130s
platform
windows10_x64
resource
win10-en-20211014
submitted
02-12-2021 11:14

Sharing

Report Analysis Logs

General

Target

loader_260212_3ce9df2272bb98916f215be5a0943ed0fc06f72eca3bed2385aacc7c1b4c6071.dll
Size

42KB
MD5

f064bbc17ecabfe4d5122c24f64d1459
SHA1

554e022ea2b52a679da260cf3fd799e90b4fed9e
SHA256

3ce9df2272bb98916f215be5a0943ed0fc06f72eca3bed2385aacc7c1b4c6071
SHA512

73585fac40c4b2046e7612348a3f3e8a78017b069cb05893135f8619394f219efa048d9b07590598207cfa3a9c8cabc53760cb794349d458216a444e80eb817b

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

regsvr32.exe

description	pid	process	target process
PID 3380 wrote to memory of 3328	3380	regsvr32.exe	regsvr32.exe
PID 3380 wrote to memory of 3328	3380	regsvr32.exe	regsvr32.exe
PID 3380 wrote to memory of 3328	3380	regsvr32.exe	regsvr32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\loader_260212_3ce9df2272bb98916f215be5a0943ed0fc06f72eca3bed2385aacc7c1b4c6071.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:3380

C:\Windows\SysWOW64\regsvr32.exe
/s C:\Users\Admin\AppData\Local\Temp\loader_260212_3ce9df2272bb98916f215be5a0943ed0fc06f72eca3bed2385aacc7c1b4c6071.dll
2⤵
PID:3328

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3328-116-0x0000000000000000-mapping.dmp

Download