1217918e1a44e345abc29fddd90d2eddb83f056e30fc04c2cd3776aa35309d8e | Triage

Analysis

max time kernel
121s
max time network
126s
platform
windows10_x64
resource
win10-en-20211208
submitted
15-01-2022 01:37

Sharing

Report Analysis Logs

General

Target

1217918e1a44e345abc29fddd90d2eddb83f056e30fc04c2cd3776aa35309d8e.dll
Size

574KB
MD5

6d30e3f167f4bd805ff7661b423251f8
SHA1

d89f2d386e7b53b44cf3f8b2e6d11577ceb14e7d
SHA256

1217918e1a44e345abc29fddd90d2eddb83f056e30fc04c2cd3776aa35309d8e
SHA512

39a27b0c4c2613d66c224b16909db704d0546bf4c86739462b70e98bb5a3579a29473e4d753a13c8ac3485a22d13d72199a1347ce7a9c257b6c89be8e82cf2cd

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 6 IoCs

Processes:

regsvr32.exeregsvr32.exe

description	pid	process	target process
PID 3708 wrote to memory of 3704	3708	regsvr32.exe	regsvr32.exe
PID 3708 wrote to memory of 3704	3708	regsvr32.exe	regsvr32.exe
PID 3708 wrote to memory of 3704	3708	regsvr32.exe	regsvr32.exe
PID 3704 wrote to memory of 1200	3704	regsvr32.exe	rundll32.exe
PID 3704 wrote to memory of 1200	3704	regsvr32.exe	rundll32.exe
PID 3704 wrote to memory of 1200	3704	regsvr32.exe	rundll32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\1217918e1a44e345abc29fddd90d2eddb83f056e30fc04c2cd3776aa35309d8e.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:3708

C:\Windows\SysWOW64\regsvr32.exe
/s C:\Users\Admin\AppData\Local\Temp\1217918e1a44e345abc29fddd90d2eddb83f056e30fc04c2cd3776aa35309d8e.dll
2⤵
- Suspicious use of WriteProcessMemory
PID:3704

C:\Windows\SysWOW64\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe "C:\Users\Admin\AppData\Local\Temp\1217918e1a44e345abc29fddd90d2eddb83f056e30fc04c2cd3776aa35309d8e.dll",DllRegisterServer
3⤵
PID:1200

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1200-118-0x0000000000000000-mapping.dmp

Download
memory/3704-115-0x0000000000000000-mapping.dmp

Download
memory/3704-116-0x0000000004BE1000-0x0000000004C05000-memory.dmp

Filesize
144KB

Download
memory/3704-117-0x0000000004C05000-0x0000000004C06000-memory.dmp

Filesize
4KB

Download