ab7cb67e10fa492adf0808381a478b57505de9ad7f157ba8088d934695ec3bc2 | Triage

Analysis

max time kernel
119s
max time network
128s
platform
windows10_x64
resource
win10-en-20211208
submitted
15-01-2022 01:42

Sharing

Report Analysis Logs

General

Target

ab7cb67e10fa492adf0808381a478b57505de9ad7f157ba8088d934695ec3bc2.dll
Size

574KB
MD5

1b62b56fdccad64ce0f56c384459d511
SHA1

71d9e8a72bcfe92036ad6f78a9f2a8a4fa5ed2e3
SHA256

ab7cb67e10fa492adf0808381a478b57505de9ad7f157ba8088d934695ec3bc2
SHA512

eeb2652e0cdbb55003848085bd74d874d9608df3b21ee56960f4dd92d38966e53a898c0460aafbea073b248e1bee2a30397949ca2a0e7a13e9b61b9f82b748c7

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 6 IoCs

Processes:

regsvr32.exeregsvr32.exe

description	pid	process	target process
PID 4084 wrote to memory of 2476	4084	regsvr32.exe	regsvr32.exe
PID 4084 wrote to memory of 2476	4084	regsvr32.exe	regsvr32.exe
PID 4084 wrote to memory of 2476	4084	regsvr32.exe	regsvr32.exe
PID 2476 wrote to memory of 880	2476	regsvr32.exe	rundll32.exe
PID 2476 wrote to memory of 880	2476	regsvr32.exe	rundll32.exe
PID 2476 wrote to memory of 880	2476	regsvr32.exe	rundll32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\ab7cb67e10fa492adf0808381a478b57505de9ad7f157ba8088d934695ec3bc2.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:4084

C:\Windows\SysWOW64\regsvr32.exe
/s C:\Users\Admin\AppData\Local\Temp\ab7cb67e10fa492adf0808381a478b57505de9ad7f157ba8088d934695ec3bc2.dll
2⤵
- Suspicious use of WriteProcessMemory
PID:2476

C:\Windows\SysWOW64\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe "C:\Users\Admin\AppData\Local\Temp\ab7cb67e10fa492adf0808381a478b57505de9ad7f157ba8088d934695ec3bc2.dll",DllRegisterServer
3⤵
PID:880

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/880-121-0x0000000000000000-mapping.dmp

Download
memory/2476-118-0x0000000000000000-mapping.dmp

Download
memory/2476-120-0x0000000004AD5000-0x0000000004AD6000-memory.dmp

Filesize
4KB

Download
memory/2476-119-0x0000000004AB1000-0x0000000004AD5000-memory.dmp

Filesize
144KB

Download