99a3947314e715eb2a0fd3edfdebb29e2e3aec540a642f455709795a6b7e75b8 | Triage

Analysis

max time kernel
117s
max time network
119s
platform
windows10_x64
resource
win10-en-20211208
submitted
15-01-2022 01:38

Sharing

Report Analysis Logs

General

Target

99a3947314e715eb2a0fd3edfdebb29e2e3aec540a642f455709795a6b7e75b8.dll
Size

574KB
MD5

c71d4717592d4f4a2b46e57d969b463e
SHA1

54d75fd12799c5ebdbb4a5a327b5877b61047dda
SHA256

99a3947314e715eb2a0fd3edfdebb29e2e3aec540a642f455709795a6b7e75b8
SHA512

b13121922808792f511d4f37e15c3b2bdd544b7569589d68ba50eb022af94d44e15c5ebd33e640fe8d3dd396d0b8eccbcb7bf193ba533782af7f1c6159b434d7

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 6 IoCs

Processes:

regsvr32.exeregsvr32.exe

description	pid	process	target process
PID 3160 wrote to memory of 3992	3160	regsvr32.exe	regsvr32.exe
PID 3160 wrote to memory of 3992	3160	regsvr32.exe	regsvr32.exe
PID 3160 wrote to memory of 3992	3160	regsvr32.exe	regsvr32.exe
PID 3992 wrote to memory of 2444	3992	regsvr32.exe	rundll32.exe
PID 3992 wrote to memory of 2444	3992	regsvr32.exe	rundll32.exe
PID 3992 wrote to memory of 2444	3992	regsvr32.exe	rundll32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\99a3947314e715eb2a0fd3edfdebb29e2e3aec540a642f455709795a6b7e75b8.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:3160

C:\Windows\SysWOW64\regsvr32.exe
/s C:\Users\Admin\AppData\Local\Temp\99a3947314e715eb2a0fd3edfdebb29e2e3aec540a642f455709795a6b7e75b8.dll
2⤵
- Suspicious use of WriteProcessMemory
PID:3992

C:\Windows\SysWOW64\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe "C:\Users\Admin\AppData\Local\Temp\99a3947314e715eb2a0fd3edfdebb29e2e3aec540a642f455709795a6b7e75b8.dll",DllRegisterServer
3⤵
PID:2444

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2444-118-0x0000000000000000-mapping.dmp

Download
memory/3992-115-0x0000000000000000-mapping.dmp

Download
memory/3992-117-0x0000000000ED5000-0x0000000000ED6000-memory.dmp

Filesize
4KB

Download
memory/3992-116-0x0000000000EB1000-0x0000000000ED5000-memory.dmp

Filesize
144KB

Download