3d42caf16e051a5bb7dc5af18d48cdabc5edb4273ec672d2e1dad02fee0da1a9 | Triage

Analysis

max time kernel
119s
max time network
121s
platform
windows10_x64
resource
win10-en-20211208
submitted
15-01-2022 01:41

Sharing

Report Analysis Logs

General

Target

3d42caf16e051a5bb7dc5af18d48cdabc5edb4273ec672d2e1dad02fee0da1a9.dll
Size

574KB
MD5

dc6141426af627cf19fb491a4d6c1f1e
SHA1

d5c711883a13d062d3828377e05313a006c4a779
SHA256

3d42caf16e051a5bb7dc5af18d48cdabc5edb4273ec672d2e1dad02fee0da1a9
SHA512

a6cf665e3c21441ea0f183e5a095e8cc5c6023daf8cf86bc94287308d71d833a7c7ad85a747ebe9c766f0d3ee211993f753ac9bd2cf19744c0bd264007e41e0a

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 6 IoCs

Processes:

regsvr32.exeregsvr32.exe

description	pid	process	target process
PID 2588 wrote to memory of 2612	2588	regsvr32.exe	regsvr32.exe
PID 2588 wrote to memory of 2612	2588	regsvr32.exe	regsvr32.exe
PID 2588 wrote to memory of 2612	2588	regsvr32.exe	regsvr32.exe
PID 2612 wrote to memory of 2692	2612	regsvr32.exe	rundll32.exe
PID 2612 wrote to memory of 2692	2612	regsvr32.exe	rundll32.exe
PID 2612 wrote to memory of 2692	2612	regsvr32.exe	rundll32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\3d42caf16e051a5bb7dc5af18d48cdabc5edb4273ec672d2e1dad02fee0da1a9.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2588

C:\Windows\SysWOW64\regsvr32.exe
/s C:\Users\Admin\AppData\Local\Temp\3d42caf16e051a5bb7dc5af18d48cdabc5edb4273ec672d2e1dad02fee0da1a9.dll
2⤵
- Suspicious use of WriteProcessMemory
PID:2612

C:\Windows\SysWOW64\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe "C:\Users\Admin\AppData\Local\Temp\3d42caf16e051a5bb7dc5af18d48cdabc5edb4273ec672d2e1dad02fee0da1a9.dll",DllRegisterServer
3⤵
PID:2692

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2612-115-0x0000000000000000-mapping.dmp

Download
memory/2612-117-0x0000000002BF5000-0x0000000002BF6000-memory.dmp

Filesize
4KB

Download
memory/2612-116-0x0000000002BD1000-0x0000000002BF5000-memory.dmp

Filesize
144KB

Download
memory/2692-118-0x0000000000000000-mapping.dmp

Download