ebfa0393fef306631c53ab660185a01fb11664951e13be7bddbdf84251ae464b | Triage

Analysis

max time kernel
73s
max time network
121s
platform
windows10_x64
resource
win10-en-20211208
submitted
15-01-2022 01:37

Sharing

Report Analysis Logs

General

Target

ebfa0393fef306631c53ab660185a01fb11664951e13be7bddbdf84251ae464b.dll
Size

574KB
MD5

71b9190e4bb6342e08cd0b150d6f1465
SHA1

e3c67b545fded250f1a03b9fa94cf90d156db93b
SHA256

ebfa0393fef306631c53ab660185a01fb11664951e13be7bddbdf84251ae464b
SHA512

af05d805223869e8d55429234a51d6d218c119500a1ffed4fcbccaebd80465bce112b4192eacc75d969a0394f2d7d8dfa3870c305e73e9ed4567ae0954a797e4

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 6 IoCs

Processes:

regsvr32.exeregsvr32.exe

description	pid	process	target process
PID 3036 wrote to memory of 3828	3036	regsvr32.exe	regsvr32.exe
PID 3036 wrote to memory of 3828	3036	regsvr32.exe	regsvr32.exe
PID 3036 wrote to memory of 3828	3036	regsvr32.exe	regsvr32.exe
PID 3828 wrote to memory of 2352	3828	regsvr32.exe	rundll32.exe
PID 3828 wrote to memory of 2352	3828	regsvr32.exe	rundll32.exe
PID 3828 wrote to memory of 2352	3828	regsvr32.exe	rundll32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\ebfa0393fef306631c53ab660185a01fb11664951e13be7bddbdf84251ae464b.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:3036

C:\Windows\SysWOW64\regsvr32.exe
/s C:\Users\Admin\AppData\Local\Temp\ebfa0393fef306631c53ab660185a01fb11664951e13be7bddbdf84251ae464b.dll
2⤵
- Suspicious use of WriteProcessMemory
PID:3828

C:\Windows\SysWOW64\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe "C:\Users\Admin\AppData\Local\Temp\ebfa0393fef306631c53ab660185a01fb11664951e13be7bddbdf84251ae464b.dll",DllRegisterServer
3⤵
PID:2352

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2352-118-0x0000000000000000-mapping.dmp

Download
memory/3828-115-0x0000000000000000-mapping.dmp

Download
memory/3828-116-0x00000000033B1000-0x00000000033D5000-memory.dmp

Filesize
144KB

Download
memory/3828-117-0x00000000033D5000-0x00000000033D6000-memory.dmp

Filesize
4KB

Download