cde1b3a2db3b52546856e8c2354131d7642964313f719952963e2451f7399aab | Triage

Analysis

max time kernel
121s
max time network
127s
platform
windows10_x64
resource
win10-en-20211208
submitted
15-01-2022 01:37

Sharing

Report Analysis Logs

General

Target

cde1b3a2db3b52546856e8c2354131d7642964313f719952963e2451f7399aab.dll
Size

574KB
MD5

c53fec308a22fb7c6a5cc123b0c2b4e5
SHA1

dc38002ee7dc6fc1773d76223a6d77286d89315a
SHA256

cde1b3a2db3b52546856e8c2354131d7642964313f719952963e2451f7399aab
SHA512

ce390b73c9e227ff787da2a65c4611bdf651a90069494f26191837147e5bd54032633fb8c520d7a9540edbfce1c2365c8c28a8cdda26158162baade06b5a31dc

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 6 IoCs

Processes:

regsvr32.exeregsvr32.exe

description	pid	process	target process
PID 3972 wrote to memory of 3232	3972	regsvr32.exe	regsvr32.exe
PID 3972 wrote to memory of 3232	3972	regsvr32.exe	regsvr32.exe
PID 3972 wrote to memory of 3232	3972	regsvr32.exe	regsvr32.exe
PID 3232 wrote to memory of 516	3232	regsvr32.exe	rundll32.exe
PID 3232 wrote to memory of 516	3232	regsvr32.exe	rundll32.exe
PID 3232 wrote to memory of 516	3232	regsvr32.exe	rundll32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\cde1b3a2db3b52546856e8c2354131d7642964313f719952963e2451f7399aab.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:3972

C:\Windows\SysWOW64\regsvr32.exe
/s C:\Users\Admin\AppData\Local\Temp\cde1b3a2db3b52546856e8c2354131d7642964313f719952963e2451f7399aab.dll
2⤵
- Suspicious use of WriteProcessMemory
PID:3232

C:\Windows\SysWOW64\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe "C:\Users\Admin\AppData\Local\Temp\cde1b3a2db3b52546856e8c2354131d7642964313f719952963e2451f7399aab.dll",DllRegisterServer
3⤵
PID:516

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/516-118-0x0000000000000000-mapping.dmp

Download
memory/3232-115-0x0000000000000000-mapping.dmp

Download
memory/3232-117-0x0000000002C35000-0x0000000002C36000-memory.dmp

Filesize
4KB

Download
memory/3232-116-0x0000000002C11000-0x0000000002C35000-memory.dmp

Filesize
144KB

Download