Analysis
- max time kernel: 73s
- max time network: 121s
- platform: windows10_x64
- resource: win10-en-20211208
- submitted: 15-01-2022 01:37
Static task: static1
Behavioral task: behavioral1
- Sample: ebfa0393fef306631c53ab660185a01fb11664951e13be7bddbdf84251ae464b.dll
- Resource: win10-en-20211208, windows10_x64
- 0 signatures
- 0 seconds
General
- Target: ebfa0393fef306631c53ab660185a01fb11664951e13be7bddbdf84251ae464b.dll
- Size: 574KB
- MD5: 71b9190e4bb6342e08cd0b150d6f1465
- SHA1: e3c67b545fded250f1a03b9fa94cf90d156db93b
- SHA256: ebfa0393fef306631c53ab660185a01fb11664951e13be7bddbdf84251ae464b
- SHA512: af05d805223869e8d55429234a51d6d218c119500a1ffed4fcbccaebd80465bce112b4192eacc75d969a0394f2d7d8dfa3870c305e73e9ed4567ae0954a797e4
Score: 1/10
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (6 IoCs)
  Processes: regsvr32.exe, regsvr32.exe

  description                         pid   process       target process
  PID 3036 wrote to memory of 3828    3036  regsvr32.exe  regsvr32.exe
  PID 3036 wrote to memory of 3828    3036  regsvr32.exe  regsvr32.exe
  PID 3036 wrote to memory of 3828    3036  regsvr32.exe  regsvr32.exe
  PID 3828 wrote to memory of 2352    3828  regsvr32.exe  rundll32.exe
  PID 3828 wrote to memory of 2352    3828  regsvr32.exe  rundll32.exe
  PID 3828 wrote to memory of 2352    3828  regsvr32.exe  rundll32.exe
Processes
- C:\Windows\system32\regsvr32.exe
  regsvr32 /s C:\Users\Admin\AppData\Local\Temp\ebfa0393fef306631c53ab660185a01fb11664951e13be7bddbdf84251ae464b.dll
  - Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\regsvr32.exe
    /s C:\Users\Admin\AppData\Local\Temp\ebfa0393fef306631c53ab660185a01fb11664951e13be7bddbdf84251ae464b.dll
    - Suspicious use of WriteProcessMemory
    - C:\Windows\SysWOW64\rundll32.exe
      C:\Windows\SysWOW64\rundll32.exe "C:\Users\Admin\AppData\Local\Temp\ebfa0393fef306631c53ab660185a01fb11664951e13be7bddbdf84251ae464b.dll",DllRegisterServer