48454c9e0efb9f66988f911f7e25d47f6ee6412f90983b86fc6b4b7bbf55b9ef | Triage

Analysis

max time kernel
117s
max time network
117s
platform
windows10_x64
resource
win10-en-20211208
submitted
15-01-2022 01:41

Sharing

Report Analysis Logs

General

Target

48454c9e0efb9f66988f911f7e25d47f6ee6412f90983b86fc6b4b7bbf55b9ef.dll
Size

574KB
MD5

0f550667522c41c95e6f468ac5c1c5f6
SHA1

f484ac76d8590fd73589fe8a909a5051cbc6cae8
SHA256

48454c9e0efb9f66988f911f7e25d47f6ee6412f90983b86fc6b4b7bbf55b9ef
SHA512

8378a9bd871ed67c2d421434b5fc0f37fe3c5cee68b9048b461d745367f376c46abafd695fece7f412384bf0c38e9f57965d1816eff7b3684c8f144c485adc4a

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 6 IoCs

Processes:

regsvr32.exeregsvr32.exe

description	pid	process	target process
PID 528 wrote to memory of 680	528	regsvr32.exe	regsvr32.exe
PID 528 wrote to memory of 680	528	regsvr32.exe	regsvr32.exe
PID 528 wrote to memory of 680	528	regsvr32.exe	regsvr32.exe
PID 680 wrote to memory of 1136	680	regsvr32.exe	rundll32.exe
PID 680 wrote to memory of 1136	680	regsvr32.exe	rundll32.exe
PID 680 wrote to memory of 1136	680	regsvr32.exe	rundll32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\48454c9e0efb9f66988f911f7e25d47f6ee6412f90983b86fc6b4b7bbf55b9ef.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:528

C:\Windows\SysWOW64\regsvr32.exe
/s C:\Users\Admin\AppData\Local\Temp\48454c9e0efb9f66988f911f7e25d47f6ee6412f90983b86fc6b4b7bbf55b9ef.dll
2⤵
- Suspicious use of WriteProcessMemory
PID:680

C:\Windows\SysWOW64\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe "C:\Users\Admin\AppData\Local\Temp\48454c9e0efb9f66988f911f7e25d47f6ee6412f90983b86fc6b4b7bbf55b9ef.dll",DllRegisterServer
3⤵
PID:1136

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/680-115-0x0000000000000000-mapping.dmp

Download
memory/680-117-0x0000000000AC5000-0x0000000000AC6000-memory.dmp

Filesize
4KB

Download
memory/680-116-0x0000000000AA1000-0x0000000000AC5000-memory.dmp

Filesize
144KB

Download
memory/1136-118-0x0000000000000000-mapping.dmp

Download