Analysis
- max time kernel: 118s
- max time network: 121s
- platform: windows10_x64
- resource: win10-en-20211208
- submitted: 15-01-2022 01:37
Static task: static1
Behavioral task: behavioral1
Sample: 08dcbf9d982485b7bd905b078c43c315e54a0a545493b5ac1178b4b3f0f03e3a.dll
Resource: win10-en-20211208, windows10_x64
0 signatures
0 seconds
General
- Target: 08dcbf9d982485b7bd905b078c43c315e54a0a545493b5ac1178b4b3f0f03e3a.dll
- Size: 574KB
- MD5: 150b76a644ec315bd3070f15564f4d95
- SHA1: 7ec0f042f7390ddd7b869d3ec700451eb1e1c790
- SHA256: 08dcbf9d982485b7bd905b078c43c315e54a0a545493b5ac1178b4b3f0f03e3a
- SHA512: ff2f7ddc0be2802ed05492f382abe0d4e0334965ea653a50ced37883d73d271353b9acd7858895d90db495eea4e1429027558c8de207de7e367d03ddab8695a4
Score: 1/10
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (6 IoCs)
Processes: regsvr32.exe, regsvr32.exe

description | pid | process | target process
PID 3672 wrote to memory of 3280 | 3672 | regsvr32.exe | regsvr32.exe
PID 3672 wrote to memory of 3280 | 3672 | regsvr32.exe | regsvr32.exe
PID 3672 wrote to memory of 3280 | 3672 | regsvr32.exe | regsvr32.exe
PID 3280 wrote to memory of 868 | 3280 | regsvr32.exe | rundll32.exe
PID 3280 wrote to memory of 868 | 3280 | regsvr32.exe | rundll32.exe
PID 3280 wrote to memory of 868 | 3280 | regsvr32.exe | rundll32.exe
Processes
- C:\Windows\system32\regsvr32.exe
  regsvr32 /s C:\Users\Admin\AppData\Local\Temp\08dcbf9d982485b7bd905b078c43c315e54a0a545493b5ac1178b4b3f0f03e3a.dll
  - Suspicious use of WriteProcessMemory
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\08dcbf9d982485b7bd905b078c43c315e54a0a545493b5ac1178b4b3f0f03e3a.dll
  - Suspicious use of WriteProcessMemory
- C:\Windows\SysWOW64\rundll32.exe
  C:\Windows\SysWOW64\rundll32.exe "C:\Users\Admin\AppData\Local\Temp\08dcbf9d982485b7bd905b078c43c315e54a0a545493b5ac1178b4b3f0f03e3a.dll",DllRegisterServer