e9a2cd27030c34356b6c90b55bc2a096488c307b4a8c8b37fec25766f864a8d4 | Triage

Analysis

max time kernel
119s
max time network
126s
platform
windows10_x64
resource
win10-en-20211208
submitted
15-01-2022 01:37

Sharing

Report Analysis Logs

General

Target

e9a2cd27030c34356b6c90b55bc2a096488c307b4a8c8b37fec25766f864a8d4.dll
Size

574KB
MD5

fdf6ae2f85aa93afb050f7a09234be85
SHA1

fbffc84c6eb4306b9b2da0fd7783d4e92822041a
SHA256

e9a2cd27030c34356b6c90b55bc2a096488c307b4a8c8b37fec25766f864a8d4
SHA512

b915bc72a53d414ba17391574dc3c0fa0ae05959e7b01f78206b79c4fb7cd99bd4bb3421c4bb7045d2300a0eadb1f63a979b3d04ce7ae1aaeb2089f7ff88938b

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 6 IoCs

Processes:

regsvr32.exeregsvr32.exe

description	pid	process	target process
PID 2672 wrote to memory of 2724	2672	regsvr32.exe	regsvr32.exe
PID 2672 wrote to memory of 2724	2672	regsvr32.exe	regsvr32.exe
PID 2672 wrote to memory of 2724	2672	regsvr32.exe	regsvr32.exe
PID 2724 wrote to memory of 3736	2724	regsvr32.exe	rundll32.exe
PID 2724 wrote to memory of 3736	2724	regsvr32.exe	rundll32.exe
PID 2724 wrote to memory of 3736	2724	regsvr32.exe	rundll32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\e9a2cd27030c34356b6c90b55bc2a096488c307b4a8c8b37fec25766f864a8d4.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2672

C:\Windows\SysWOW64\regsvr32.exe
/s C:\Users\Admin\AppData\Local\Temp\e9a2cd27030c34356b6c90b55bc2a096488c307b4a8c8b37fec25766f864a8d4.dll
2⤵
- Suspicious use of WriteProcessMemory
PID:2724

C:\Windows\SysWOW64\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe "C:\Users\Admin\AppData\Local\Temp\e9a2cd27030c34356b6c90b55bc2a096488c307b4a8c8b37fec25766f864a8d4.dll",DllRegisterServer
3⤵
PID:3736

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2724-118-0x0000000000000000-mapping.dmp

Download
memory/2724-120-0x0000000000E05000-0x0000000000E06000-memory.dmp

Filesize
4KB

Download
memory/2724-119-0x0000000000DE1000-0x0000000000E05000-memory.dmp

Filesize
144KB

Download
memory/3736-121-0x0000000000000000-mapping.dmp

Download