Analysis
- max time kernel: 118s
- max time network: 120s
- platform: windows10_x64
- resource: win10-en-20211208
- submitted: 15-01-2022 01:41
Static task: static1
Behavioral task: behavioral1
Sample: f5a14071e672b262a5f84cd80061cd5fa4737620678aa697b636b0b4998b3a30.dll
Resource: win10-en-20211208
General
- Target: f5a14071e672b262a5f84cd80061cd5fa4737620678aa697b636b0b4998b3a30.dll
- Size: 574KB
- MD5: 678d61969aac4c127655759f1663e50a
- SHA1: 0a6b5502cddc7b867da36f689e2f33fc089fb493
- SHA256: f5a14071e672b262a5f84cd80061cd5fa4737620678aa697b636b0b4998b3a30
- SHA512: 0779d9a3d50d748feaf3ed123f8773ad1a81f16410cba1c59a237021839d4612180342ae71356fdd56faee7e0dffc15d576bd294c4a252e17e2e79c01caf66a3
Score: 1/10
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (6 IoCs)
Processes: regsvr32.exe, regsvr32.exe
description | pid | process | target process
PID 2704 wrote to memory of 2732 | 2704 | regsvr32.exe | regsvr32.exe
PID 2704 wrote to memory of 2732 | 2704 | regsvr32.exe | regsvr32.exe
PID 2704 wrote to memory of 2732 | 2704 | regsvr32.exe | regsvr32.exe
PID 2732 wrote to memory of 3212 | 2732 | regsvr32.exe | rundll32.exe
PID 2732 wrote to memory of 3212 | 2732 | regsvr32.exe | rundll32.exe
PID 2732 wrote to memory of 3212 | 2732 | regsvr32.exe | rundll32.exe
Processes
- C:\Windows\system32\regsvr32.exe
  regsvr32 /s C:\Users\Admin\AppData\Local\Temp\f5a14071e672b262a5f84cd80061cd5fa4737620678aa697b636b0b4998b3a30.dll
  - Suspicious use of WriteProcessMemory
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\f5a14071e672b262a5f84cd80061cd5fa4737620678aa697b636b0b4998b3a30.dll
  - Suspicious use of WriteProcessMemory
- C:\Windows\SysWOW64\rundll32.exe
  C:\Windows\SysWOW64\rundll32.exe "C:\Users\Admin\AppData\Local\Temp\f5a14071e672b262a5f84cd80061cd5fa4737620678aa697b636b0b4998b3a30.dll",DllRegisterServer
Network
MITRE ATT&CK Matrix