abe110fa439c85ddf99ad16c26344a9ca1db7f50dfc7730e4701b44750c8f8c9 | Triage

Analysis

max time kernel
119s
max time network
122s
platform
windows10_x64
resource
win10-en-20211208
submitted
15-01-2022 01:40

Sharing

Report Analysis Logs

General

Target

abe110fa439c85ddf99ad16c26344a9ca1db7f50dfc7730e4701b44750c8f8c9.dll
Size

574KB
MD5

54e8e6a359128517e50efe0f1ca60318
SHA1

c1b45796ca129b8d8ebc2986c9c4f2303b4deffc
SHA256

abe110fa439c85ddf99ad16c26344a9ca1db7f50dfc7730e4701b44750c8f8c9
SHA512

b3fd70e5feddf95c39f7f0878f4a9d3c71b1a35fe0d5160b8174ed5527092f4031b21a7c9824d1bb39cf7f72443d2af92767ea1b7e76d19703a5db4bde4f647e

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 6 IoCs

Processes:

regsvr32.exeregsvr32.exe

description	pid	process	target process
PID 2512 wrote to memory of 2608	2512	regsvr32.exe	regsvr32.exe
PID 2512 wrote to memory of 2608	2512	regsvr32.exe	regsvr32.exe
PID 2512 wrote to memory of 2608	2512	regsvr32.exe	regsvr32.exe
PID 2608 wrote to memory of 3116	2608	regsvr32.exe	rundll32.exe
PID 2608 wrote to memory of 3116	2608	regsvr32.exe	rundll32.exe
PID 2608 wrote to memory of 3116	2608	regsvr32.exe	rundll32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\abe110fa439c85ddf99ad16c26344a9ca1db7f50dfc7730e4701b44750c8f8c9.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2512

C:\Windows\SysWOW64\regsvr32.exe
/s C:\Users\Admin\AppData\Local\Temp\abe110fa439c85ddf99ad16c26344a9ca1db7f50dfc7730e4701b44750c8f8c9.dll
2⤵
- Suspicious use of WriteProcessMemory
PID:2608

C:\Windows\SysWOW64\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe "C:\Users\Admin\AppData\Local\Temp\abe110fa439c85ddf99ad16c26344a9ca1db7f50dfc7730e4701b44750c8f8c9.dll",DllRegisterServer
3⤵
PID:3116

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2608-115-0x0000000000000000-mapping.dmp

Download
memory/2608-117-0x0000000002DD5000-0x0000000002DD6000-memory.dmp

Filesize
4KB

Download
memory/2608-116-0x0000000002DB1000-0x0000000002DD5000-memory.dmp

Filesize
144KB

Download
memory/3116-118-0x0000000000000000-mapping.dmp

Download