57a446b26f9096d2e53c3cb201443b47419642bc05dcb1b89104cb9b0d97e776

General

Target: 57a446b26f9096d2e53c3cb201443b47419642bc05dcb1b89104cb9b0d97e776.dll
Filesize: 574KB
Completed: 15-01-2022 01:39
Score: 1/10
MD5: 57e04c0fcb73efa2d37a332a4d55111e
SHA1: 37dafa356a4c5169b48f3d3e53912b3671dbadc7
SHA256: 57a446b26f9096d2e53c3cb201443b47419642bc05dcb1b89104cb9b0d97e776

Malware Config
Signatures 1

  • Suspicious use of WriteProcessMemory
    Processes: regsvr32.exe, regsvr32.exe

    Reported IOCs

    description                        pid   process       target process
    PID 3836 wrote to memory of 3464   3836  regsvr32.exe  regsvr32.exe
    PID 3836 wrote to memory of 3464   3836  regsvr32.exe  regsvr32.exe
    PID 3836 wrote to memory of 3464   3836  regsvr32.exe  regsvr32.exe
    PID 3464 wrote to memory of 3164   3464  regsvr32.exe  rundll32.exe
    PID 3464 wrote to memory of 3164   3464  regsvr32.exe  rundll32.exe
    PID 3464 wrote to memory of 3164   3464  regsvr32.exe  rundll32.exe
Processes 3
  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\57a446b26f9096d2e53c3cb201443b47419642bc05dcb1b89104cb9b0d97e776.dll
    Suspicious use of WriteProcessMemory
    PID:3836
    • C:\Windows\SysWOW64\regsvr32.exe
      /s C:\Users\Admin\AppData\Local\Temp\57a446b26f9096d2e53c3cb201443b47419642bc05dcb1b89104cb9b0d97e776.dll
      Suspicious use of WriteProcessMemory
      PID:3464
      • C:\Windows\SysWOW64\rundll32.exe
        C:\Windows\SysWOW64\rundll32.exe "C:\Users\Admin\AppData\Local\Temp\57a446b26f9096d2e53c3cb201443b47419642bc05dcb1b89104cb9b0d97e776.dll",DllRegisterServer
        PID:3164
Network
Downloads
  • memory/3164-118-0x0000000000000000-mapping.dmp
  • memory/3464-115-0x0000000000000000-mapping.dmp
  • memory/3464-117-0x0000000002825000-0x0000000002826000-memory.dmp
  • memory/3464-116-0x0000000002801000-0x0000000002825000-memory.dmp