365736ad3b9b9d61c7dd781029250ea2431d147a19d73b1d96a280e54be3f140 | Triage

Resubmissions

13-12-2021 12:26

211213-pmcy9sefhj 10

13-12-2021 12:18

211213-pgkrxsdef3 1

Analysis

max time kernel
138s
max time network
122s
platform
windows10_x64
resource
win10-en-20211208
submitted
13-12-2021 12:18

Sharing

Report Analysis Logs

General

Target

365736ad3b9b9d61c7dd781029250ea2431d147a19d73b1d96a280e54be3f140.bin.dll
Size

462KB
MD5

b2cb691bdf1080b1a50ca6449a0d712d
SHA1

c9b6e3bd3f7b1c77198c200f610b9ea59be6e350
SHA256

365736ad3b9b9d61c7dd781029250ea2431d147a19d73b1d96a280e54be3f140
SHA512

cd2cab39be2747df89973c1f6821149bb7d665b2984cf953b2ae9d6e966437493960577013cc59780bf219de13fd95a0d8e80b2a0d662bc4c741a827f7b4b1c3

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 6 IoCs

Processes:

regsvr32.exeregsvr32.exe

description	pid	process	target process
PID 3384 wrote to memory of 4076	3384	regsvr32.exe	regsvr32.exe
PID 3384 wrote to memory of 4076	3384	regsvr32.exe	regsvr32.exe
PID 3384 wrote to memory of 4076	3384	regsvr32.exe	regsvr32.exe
PID 4076 wrote to memory of 720	4076	regsvr32.exe	rundll32.exe
PID 4076 wrote to memory of 720	4076	regsvr32.exe	rundll32.exe
PID 4076 wrote to memory of 720	4076	regsvr32.exe	rundll32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\365736ad3b9b9d61c7dd781029250ea2431d147a19d73b1d96a280e54be3f140.bin.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:3384

C:\Windows\SysWOW64\regsvr32.exe
/s C:\Users\Admin\AppData\Local\Temp\365736ad3b9b9d61c7dd781029250ea2431d147a19d73b1d96a280e54be3f140.bin.dll
2⤵
- Suspicious use of WriteProcessMemory
PID:4076

C:\Windows\SysWOW64\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe "C:\Users\Admin\AppData\Local\Temp\365736ad3b9b9d61c7dd781029250ea2431d147a19d73b1d96a280e54be3f140.bin.dll",DllRegisterServer
3⤵
PID:720

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2244

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/720-116-0x0000000000000000-mapping.dmp

Download
memory/4076-115-0x0000000000000000-mapping.dmp

Download
memory/4076-117-0x00000000029D0000-0x0000000002B1A000-memory.dmp

Filesize
1.3MB

Download