e636903dc4b58c4dfcd70076c7aed8212c85e899365f1a6c0fc38c326ea3105f | Triage

Analysis

max time kernel
111s
max time network
126s
platform
windows10_x64
resource
win10-en-20211208
submitted
15-01-2022 01:37

Sharing

Report Analysis Logs

General

Target

e636903dc4b58c4dfcd70076c7aed8212c85e899365f1a6c0fc38c326ea3105f.dll
Size

574KB
MD5

cd2537bbc2bea01a40277d0ab96627d2
SHA1

122f58cbeefe02e02d45a4b3243de9beb889eff0
SHA256

e636903dc4b58c4dfcd70076c7aed8212c85e899365f1a6c0fc38c326ea3105f
SHA512

e115396ea015c33ebd4074e5f3c30f14dd44df7d0390b05a516f367c9e09a5d280a9c028621e5be61321bfec4c0652a3b8f19641a83230a1dd9f84273a4e6e30

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 6 IoCs

Processes:

regsvr32.exeregsvr32.exe

description	pid	process	target process
PID 3500 wrote to memory of 3756	3500	regsvr32.exe	regsvr32.exe
PID 3500 wrote to memory of 3756	3500	regsvr32.exe	regsvr32.exe
PID 3500 wrote to memory of 3756	3500	regsvr32.exe	regsvr32.exe
PID 3756 wrote to memory of 3800	3756	regsvr32.exe	rundll32.exe
PID 3756 wrote to memory of 3800	3756	regsvr32.exe	rundll32.exe
PID 3756 wrote to memory of 3800	3756	regsvr32.exe	rundll32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\e636903dc4b58c4dfcd70076c7aed8212c85e899365f1a6c0fc38c326ea3105f.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:3500

C:\Windows\SysWOW64\regsvr32.exe
/s C:\Users\Admin\AppData\Local\Temp\e636903dc4b58c4dfcd70076c7aed8212c85e899365f1a6c0fc38c326ea3105f.dll
2⤵
- Suspicious use of WriteProcessMemory
PID:3756

C:\Windows\SysWOW64\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe "C:\Users\Admin\AppData\Local\Temp\e636903dc4b58c4dfcd70076c7aed8212c85e899365f1a6c0fc38c326ea3105f.dll",DllRegisterServer
3⤵
PID:3800

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3756-115-0x0000000000000000-mapping.dmp

Download
memory/3756-116-0x0000000001021000-0x0000000001045000-memory.dmp

Filesize
144KB

Download
memory/3756-117-0x0000000001045000-0x0000000001046000-memory.dmp

Filesize
4KB

Download
memory/3800-118-0x0000000000000000-mapping.dmp

Download