f5e32d8cb4e20067c81e07d381f081a4832c65c4e15467ab542be23e7c446b0c
General
Target
Filesize
Completed
f5e32d8cb4e20067c81e07d381f081a4832c65c4e15467ab542be23e7c446b0c.dll
574KB
15-01-2022 01:39
Score
1/10
MD5
SHA1
SHA256
3eafe95f4b66e1b5dbd79eff54c01a1f
9e2ff812d0142db5b889bdc8a0a95e8cdd6839d0
f5e32d8cb4e20067c81e07d381f081a4832c65c4e15467ab542be23e7c446b0c
Malware Config
Signatures 1
Filter: none
-
Suspicious use of WriteProcessMemoryregsvr32.exeregsvr32.exe
Reported IOCs
description pid process target process PID 2608 wrote to memory of 2648 2608 regsvr32.exe regsvr32.exe PID 2608 wrote to memory of 2648 2608 regsvr32.exe regsvr32.exe PID 2608 wrote to memory of 2648 2608 regsvr32.exe regsvr32.exe PID 2648 wrote to memory of 3444 2648 regsvr32.exe rundll32.exe PID 2648 wrote to memory of 3444 2648 regsvr32.exe rundll32.exe PID 2648 wrote to memory of 3444 2648 regsvr32.exe rundll32.exe
Processes 3
-
C:\Windows\system32\regsvr32.exePID:2608regsvr32 /s C:\Users\Admin\AppData\Local\Temp\f5e32d8cb4e20067c81e07d381f081a4832c65c4e15467ab542be23e7c446b0c.dllSuspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\regsvr32.exePID:2648/s C:\Users\Admin\AppData\Local\Temp\f5e32d8cb4e20067c81e07d381f081a4832c65c4e15467ab542be23e7c446b0c.dllSuspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exePID:3444C:\Windows\SysWOW64\rundll32.exe "C:\Users\Admin\AppData\Local\Temp\f5e32d8cb4e20067c81e07d381f081a4832c65c4e15467ab542be23e7c446b0c.dll",DllRegisterServer
Network
MITRE ATT&CK Matrix
Collection
Command and Control
Credential Access
Defense Evasion
Discovery
Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Persistence
Privilege Escalation
Replay Monitor
00:00
00:00
Downloads
-
memory/2648-115-0x0000000000000000-mapping.dmp
-
memory/2648-116-0x0000000004F71000-0x0000000004F95000-memory.dmp
-
memory/2648-117-0x0000000004F95000-0x0000000004F96000-memory.dmp
-
memory/3444-118-0x0000000000000000-mapping.dmp
Title
Loading data