8c83761ff6db9119dd4ef56b38e8e71d24cffb724d96794fd91c8fa90e0eb156 | Triage

Analysis

max time kernel
110s
max time network
125s
platform
windows10_x64
resource
win10-en-20211208
submitted
15-01-2022 01:41

Sharing

Report Analysis Logs

General

Target

8c83761ff6db9119dd4ef56b38e8e71d24cffb724d96794fd91c8fa90e0eb156.dll
Size

574KB
MD5

5f64742fe603fdc8c5db0321292f082a
SHA1

265c259a3003ffd0537523477842abeaa2eb1db8
SHA256

8c83761ff6db9119dd4ef56b38e8e71d24cffb724d96794fd91c8fa90e0eb156
SHA512

6bf08c3660472a22cb298d9aaf8ea60eab7423123dab912d0bb6c4d0842d065dcc4a4c0550e9664dabe30b749e0738bff2884bc4202d7c5c873f1622aaa93df4

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 6 IoCs

Processes:

regsvr32.exeregsvr32.exe

description	pid	process	target process
PID 2464 wrote to memory of 2512	2464	regsvr32.exe	regsvr32.exe
PID 2464 wrote to memory of 2512	2464	regsvr32.exe	regsvr32.exe
PID 2464 wrote to memory of 2512	2464	regsvr32.exe	regsvr32.exe
PID 2512 wrote to memory of 2880	2512	regsvr32.exe	rundll32.exe
PID 2512 wrote to memory of 2880	2512	regsvr32.exe	rundll32.exe
PID 2512 wrote to memory of 2880	2512	regsvr32.exe	rundll32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\8c83761ff6db9119dd4ef56b38e8e71d24cffb724d96794fd91c8fa90e0eb156.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2464

C:\Windows\SysWOW64\regsvr32.exe
/s C:\Users\Admin\AppData\Local\Temp\8c83761ff6db9119dd4ef56b38e8e71d24cffb724d96794fd91c8fa90e0eb156.dll
2⤵
- Suspicious use of WriteProcessMemory
PID:2512

C:\Windows\SysWOW64\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe "C:\Users\Admin\AppData\Local\Temp\8c83761ff6db9119dd4ef56b38e8e71d24cffb724d96794fd91c8fa90e0eb156.dll",DllRegisterServer
3⤵
PID:2880

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2512-115-0x0000000000000000-mapping.dmp

Download
memory/2512-117-0x0000000004955000-0x0000000004956000-memory.dmp

Filesize
4KB

Download
memory/2512-116-0x0000000004931000-0x0000000004955000-memory.dmp

Filesize
144KB

Download
memory/2880-118-0x0000000000000000-mapping.dmp

Download