777cbbb78aefafc91a42c7ee122cf8b8e2a913bf045d62021bb0bde8fb2ed890 | Triage

Analysis

max time kernel
119s
max time network
119s
platform
windows10_x64
resource
win10-en-20211208
submitted
15-01-2022 01:41

Sharing

Report Analysis Logs

General

Target

777cbbb78aefafc91a42c7ee122cf8b8e2a913bf045d62021bb0bde8fb2ed890.dll
Size

574KB
MD5

e8529d2351ba846d86ba2ed50b76d85d
SHA1

8426596ee320783a07c8e2944626fdd35cb50283
SHA256

777cbbb78aefafc91a42c7ee122cf8b8e2a913bf045d62021bb0bde8fb2ed890
SHA512

138c2233d47bfbe995b280d2dc0b9ec4d19ea9b672fe36d4096a3e95a24a4fa4fc8c60707a1669a242fc18e56a485ee06a15066684978ec92326ea32bbcd952b

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 6 IoCs

Processes:

regsvr32.exeregsvr32.exe

description	pid	process	target process
PID 2544 wrote to memory of 2700	2544	regsvr32.exe	regsvr32.exe
PID 2544 wrote to memory of 2700	2544	regsvr32.exe	regsvr32.exe
PID 2544 wrote to memory of 2700	2544	regsvr32.exe	regsvr32.exe
PID 2700 wrote to memory of 2764	2700	regsvr32.exe	rundll32.exe
PID 2700 wrote to memory of 2764	2700	regsvr32.exe	rundll32.exe
PID 2700 wrote to memory of 2764	2700	regsvr32.exe	rundll32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\777cbbb78aefafc91a42c7ee122cf8b8e2a913bf045d62021bb0bde8fb2ed890.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2544

C:\Windows\SysWOW64\regsvr32.exe
/s C:\Users\Admin\AppData\Local\Temp\777cbbb78aefafc91a42c7ee122cf8b8e2a913bf045d62021bb0bde8fb2ed890.dll
2⤵
- Suspicious use of WriteProcessMemory
PID:2700

C:\Windows\SysWOW64\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe "C:\Users\Admin\AppData\Local\Temp\777cbbb78aefafc91a42c7ee122cf8b8e2a913bf045d62021bb0bde8fb2ed890.dll",DllRegisterServer
3⤵
PID:2764

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2700-116-0x0000000000000000-mapping.dmp

Download
memory/2700-118-0x0000000000635000-0x0000000000636000-memory.dmp

Filesize
4KB

Download
memory/2700-117-0x0000000000611000-0x0000000000635000-memory.dmp

Filesize
144KB

Download
memory/2764-119-0x0000000000000000-mapping.dmp

Download