ddf9db5e2eb896bdba343cc26a8b82b18d8b5540f24ab1aed3495f4db4152050 | Triage

Analysis

max time kernel
110s
max time network
122s
platform
windows10_x64
resource
win10-en-20211208
submitted
13-12-2021 06:52

Sharing

Report Analysis Logs

General

Target

tmp/ddf9db5e2eb896bdba343cc26a8b82b18d8b5540f24ab1aed3495f4db4152050.exe.dll
Size

52KB
MD5

0fd58bc7bddb0339f8ac4f200aa26652
SHA1

7335f8bc97329b67f00f05aefbac15fed2a1511b
SHA256

ddf9db5e2eb896bdba343cc26a8b82b18d8b5540f24ab1aed3495f4db4152050
SHA512

9bdc7ccbdc77f39beb397c11184124f277308dd5a8a31df4156547c99cc86626c75db6b37dc45faa75951c25ef2e9af4b84497d8c0fcce9c634d87d282e9172b

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

regsvr32.exe

description	pid	process	target process
PID 2584 wrote to memory of 2776	2584	regsvr32.exe	regsvr32.exe
PID 2584 wrote to memory of 2776	2584	regsvr32.exe	regsvr32.exe
PID 2584 wrote to memory of 2776	2584	regsvr32.exe	regsvr32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\tmp\ddf9db5e2eb896bdba343cc26a8b82b18d8b5540f24ab1aed3495f4db4152050.exe.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2584

C:\Windows\SysWOW64\regsvr32.exe
/s C:\Users\Admin\AppData\Local\Temp\tmp\ddf9db5e2eb896bdba343cc26a8b82b18d8b5540f24ab1aed3495f4db4152050.exe.dll
2⤵
PID:2776

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2776-115-0x0000000000000000-mapping.dmp

Download