Analysis
max time kernel: 119s
max time network: 129s
platform: windows10_x64
resource: win10-en-20211208
submitted: 15-01-2022 01:37
Static task
static1
Behavioral task
behavioral1
Sample
680fd15a362c269e99ab2d5174fa6f91ea60e1197986a8aacdd255a063dbf649.dll
Resource
win10-en-20211208
windows10_x64
0 signatures
0 seconds
General
Target: 680fd15a362c269e99ab2d5174fa6f91ea60e1197986a8aacdd255a063dbf649.dll
Size: 574KB
MD5: e8764ef5db81a6d4d1ca508ae42349b3
SHA1: c60eda343a0634469b40861b4d572b30bbd8e3b3
SHA256: 680fd15a362c269e99ab2d5174fa6f91ea60e1197986a8aacdd255a063dbf649
SHA512: 7a1a872b38213187f736d9784bf683d4a0ed040fa92247a39cfe66535d439b237d17b46b488ff89debd9386653e111152444d1ce1e60c2fc192599db54758925
Score: 1/10
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 6 IoCs
Processes:
regsvr32.exe
regsvr32.exe
description | pid | process | target process
PID 4084 wrote to memory of 2476 | 4084 | regsvr32.exe | regsvr32.exe
PID 4084 wrote to memory of 2476 | 4084 | regsvr32.exe | regsvr32.exe
PID 4084 wrote to memory of 2476 | 4084 | regsvr32.exe | regsvr32.exe
PID 2476 wrote to memory of 3320 | 2476 | regsvr32.exe | rundll32.exe
PID 2476 wrote to memory of 3320 | 2476 | regsvr32.exe | rundll32.exe
PID 2476 wrote to memory of 3320 | 2476 | regsvr32.exe | rundll32.exe
Processes
C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\680fd15a362c269e99ab2d5174fa6f91ea60e1197986a8aacdd255a063dbf649.dll
- Suspicious use of WriteProcessMemory
C:\Windows\SysWOW64\regsvr32.exe
/s C:\Users\Admin\AppData\Local\Temp\680fd15a362c269e99ab2d5174fa6f91ea60e1197986a8aacdd255a063dbf649.dll
- Suspicious use of WriteProcessMemory
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe "C:\Users\Admin\AppData\Local\Temp\680fd15a362c269e99ab2d5174fa6f91ea60e1197986a8aacdd255a063dbf649.dll",DllRegisterServer