05cd4fa7cd62d526fb1e3a36eaccc52e64c932c262405a371f88ffd496c67052 | Triage

Analysis

max time kernel
119s
max time network
122s
platform
windows10_x64
resource
win10-en-20211208
submitted
15-01-2022 01:37

Sharing

Report Analysis Logs

General

Target

05cd4fa7cd62d526fb1e3a36eaccc52e64c932c262405a371f88ffd496c67052.dll
Size

574KB
MD5

0505d62f81f992a4315570770e75286c
SHA1

edfe4b0197a39e890bf5f04e716d303d04c22f8f
SHA256

05cd4fa7cd62d526fb1e3a36eaccc52e64c932c262405a371f88ffd496c67052
SHA512

2b0e6ea9907fd65590ab9e8ddf49f79c82196d8b14a5226f34368039d229fded5dfc332773b9e9a93c0844385e7f5279cdc826d73edca1316781336c4172c1f1

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 6 IoCs

Processes:

regsvr32.exeregsvr32.exe

description	pid	process	target process
PID 2680 wrote to memory of 2708	2680	regsvr32.exe	regsvr32.exe
PID 2680 wrote to memory of 2708	2680	regsvr32.exe	regsvr32.exe
PID 2680 wrote to memory of 2708	2680	regsvr32.exe	regsvr32.exe
PID 2708 wrote to memory of 1172	2708	regsvr32.exe	rundll32.exe
PID 2708 wrote to memory of 1172	2708	regsvr32.exe	rundll32.exe
PID 2708 wrote to memory of 1172	2708	regsvr32.exe	rundll32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\05cd4fa7cd62d526fb1e3a36eaccc52e64c932c262405a371f88ffd496c67052.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2680

C:\Windows\SysWOW64\regsvr32.exe
/s C:\Users\Admin\AppData\Local\Temp\05cd4fa7cd62d526fb1e3a36eaccc52e64c932c262405a371f88ffd496c67052.dll
2⤵
- Suspicious use of WriteProcessMemory
PID:2708

C:\Windows\SysWOW64\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe "C:\Users\Admin\AppData\Local\Temp\05cd4fa7cd62d526fb1e3a36eaccc52e64c932c262405a371f88ffd496c67052.dll",DllRegisterServer
3⤵
PID:1172

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1172-118-0x0000000000000000-mapping.dmp

Download
memory/2708-115-0x0000000000000000-mapping.dmp

Download
memory/2708-116-0x00000000048F1000-0x0000000004915000-memory.dmp

Filesize
144KB

Download
memory/2708-117-0x0000000004915000-0x0000000004916000-memory.dmp

Filesize
4KB

Download