57c4d9ea7ea7da3b817edf6debe17a1ebb421f730822ba67b6c639c82ab3e54e
General
Target
Filesize
Completed
57c4d9ea7ea7da3b817edf6debe17a1ebb421f730822ba67b6c639c82ab3e54e.dll
574KB
15-01-2022 01:39
Score
1/10
MD5
SHA1
SHA256
2c6575fb4bac7423ddbdd86d8f2247ef
285f6999572cc585493a522becf91b3b7a8553da
57c4d9ea7ea7da3b817edf6debe17a1ebb421f730822ba67b6c639c82ab3e54e
Malware Config
Signatures 1
Filter: none
-
Suspicious use of WriteProcessMemoryregsvr32.exeregsvr32.exe
Reported IOCs
description pid process target process PID 3588 wrote to memory of 4012 3588 regsvr32.exe regsvr32.exe PID 3588 wrote to memory of 4012 3588 regsvr32.exe regsvr32.exe PID 3588 wrote to memory of 4012 3588 regsvr32.exe regsvr32.exe PID 4012 wrote to memory of 3596 4012 regsvr32.exe rundll32.exe PID 4012 wrote to memory of 3596 4012 regsvr32.exe rundll32.exe PID 4012 wrote to memory of 3596 4012 regsvr32.exe rundll32.exe
Processes 3
-
C:\Windows\system32\regsvr32.exePID:3588regsvr32 /s C:\Users\Admin\AppData\Local\Temp\57c4d9ea7ea7da3b817edf6debe17a1ebb421f730822ba67b6c639c82ab3e54e.dllSuspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\regsvr32.exePID:4012/s C:\Users\Admin\AppData\Local\Temp\57c4d9ea7ea7da3b817edf6debe17a1ebb421f730822ba67b6c639c82ab3e54e.dllSuspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exePID:3596C:\Windows\SysWOW64\rundll32.exe "C:\Users\Admin\AppData\Local\Temp\57c4d9ea7ea7da3b817edf6debe17a1ebb421f730822ba67b6c639c82ab3e54e.dll",DllRegisterServer
Network
MITRE ATT&CK Matrix
Collection
Command and Control
Credential Access
Defense Evasion
Discovery
Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Persistence
Privilege Escalation
Replay Monitor
00:00
00:00
Downloads
-
memory/3596-118-0x0000000000000000-mapping.dmp
-
memory/4012-115-0x0000000000000000-mapping.dmp
-
memory/4012-117-0x00000000033C5000-0x00000000033C6000-memory.dmp
-
memory/4012-116-0x00000000033A1000-0x00000000033C5000-memory.dmp
Title
Loading data