57c4d9ea7ea7da3b817edf6debe17a1ebb421f730822ba67b6c639c82ab3e54e | Triage

Analysis

max time kernel
110s
max time network
115s
platform
windows10_x64
resource
win10-en-20211208
submitted
15-01-2022 01:37

Sharing

Report Analysis Logs

General

Target

57c4d9ea7ea7da3b817edf6debe17a1ebb421f730822ba67b6c639c82ab3e54e.dll
Size

574KB
MD5

2c6575fb4bac7423ddbdd86d8f2247ef
SHA1

285f6999572cc585493a522becf91b3b7a8553da
SHA256

57c4d9ea7ea7da3b817edf6debe17a1ebb421f730822ba67b6c639c82ab3e54e
SHA512

709e3c966d5a0529a019deb1963b13bad16b3b95dc75e9529e214aeebe0cef03e9615075ab58dc945ca3e38ac7260eeb3df28de4844d2acee3f0654ab8e973b4

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 6 IoCs

Processes:

regsvr32.exeregsvr32.exe

description	pid	process	target process
PID 3588 wrote to memory of 4012	3588	regsvr32.exe	regsvr32.exe
PID 3588 wrote to memory of 4012	3588	regsvr32.exe	regsvr32.exe
PID 3588 wrote to memory of 4012	3588	regsvr32.exe	regsvr32.exe
PID 4012 wrote to memory of 3596	4012	regsvr32.exe	rundll32.exe
PID 4012 wrote to memory of 3596	4012	regsvr32.exe	rundll32.exe
PID 4012 wrote to memory of 3596	4012	regsvr32.exe	rundll32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\57c4d9ea7ea7da3b817edf6debe17a1ebb421f730822ba67b6c639c82ab3e54e.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:3588

C:\Windows\SysWOW64\regsvr32.exe
/s C:\Users\Admin\AppData\Local\Temp\57c4d9ea7ea7da3b817edf6debe17a1ebb421f730822ba67b6c639c82ab3e54e.dll
2⤵
- Suspicious use of WriteProcessMemory
PID:4012

C:\Windows\SysWOW64\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe "C:\Users\Admin\AppData\Local\Temp\57c4d9ea7ea7da3b817edf6debe17a1ebb421f730822ba67b6c639c82ab3e54e.dll",DllRegisterServer
3⤵
PID:3596

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3596-118-0x0000000000000000-mapping.dmp

Download
memory/4012-115-0x0000000000000000-mapping.dmp

Download
memory/4012-117-0x00000000033C5000-0x00000000033C6000-memory.dmp

Filesize
4KB

Download
memory/4012-116-0x00000000033A1000-0x00000000033C5000-memory.dmp

Filesize
144KB

Download