Analysis
max time kernel: 82s
max time network: 121s
platform: windows10_x64
resource: win10-en-20211208
submitted: 15-01-2022 01:41
Static task
static1
Behavioral task
behavioral1
Sample
643787b6394d03473b7bb519565a41900815f3d61249bb16c7873269c7569472.dll
Resource
win10-en-20211208
windows10_x64
0 signatures
0 seconds
General
Target: 643787b6394d03473b7bb519565a41900815f3d61249bb16c7873269c7569472.dll
Size: 574KB
MD5: 26645f3b3af137d3077c88cc1390295c
SHA1: 598e887fd163559e8e478ed6555e81910bff8259
SHA256: 643787b6394d03473b7bb519565a41900815f3d61249bb16c7873269c7569472
SHA512: effe60e63ee806408dd2f8b1225d6e49cb3c359b1400f5f3eda5483f4879508f8f4b67f27bd20a10f7043baed0223aac78ae6a969597fd32f8f1d3fb712be372
Score
1/10
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 6 IoCs
Processes: regsvr32.exe, regsvr32.exe
description | pid | process | target process
PID 3176 wrote to memory of 4072 | 3176 | regsvr32.exe | regsvr32.exe
PID 3176 wrote to memory of 4072 | 3176 | regsvr32.exe | regsvr32.exe
PID 3176 wrote to memory of 4072 | 3176 | regsvr32.exe | regsvr32.exe
PID 4072 wrote to memory of 3472 | 4072 | regsvr32.exe | rundll32.exe
PID 4072 wrote to memory of 3472 | 4072 | regsvr32.exe | rundll32.exe
PID 4072 wrote to memory of 3472 | 4072 | regsvr32.exe | rundll32.exe
Processes
-
C:\Windows\system32\regsvr32.exe regsvr32 /s C:\Users\Admin\AppData\Local\Temp\643787b6394d03473b7bb519565a41900815f3d61249bb16c7873269c7569472.dll
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\regsvr32.exe /s C:\Users\Admin\AppData\Local\Temp\643787b6394d03473b7bb519565a41900815f3d61249bb16c7873269c7569472.dll
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\rundll32.exe "C:\Users\Admin\AppData\Local\Temp\643787b6394d03473b7bb519565a41900815f3d61249bb16c7873269c7569472.dll",DllRegisterServer