d76cd6e30edf764b7f52233a759875bb89f52d9b0bb5511aa62907dcc2151167 | Triage

Analysis

max time kernel
110s
max time network
113s
platform
windows10_x64
resource
win10-en-20211208
submitted
15-01-2022 01:41

Sharing

Report Analysis Logs

General

Target

d76cd6e30edf764b7f52233a759875bb89f52d9b0bb5511aa62907dcc2151167.dll
Size

574KB
MD5

ae9f302a026503f39d927c0373a5c3ee
SHA1

a4cbdfd2578e2ffd2ceb48b07cdc4efc477b767b
SHA256

d76cd6e30edf764b7f52233a759875bb89f52d9b0bb5511aa62907dcc2151167
SHA512

0c10df97cd2602177f8029dd6b40a4d14e8a959e0f9c5b28821082862689c2f82abd7bfb6993dfa0865540c422ac3326bee2585fe211cdcfb5360e2e68758e09

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 6 IoCs

Processes:

regsvr32.exeregsvr32.exe

description	pid	process	target process
PID 3592 wrote to memory of 3620	3592	regsvr32.exe	regsvr32.exe
PID 3592 wrote to memory of 3620	3592	regsvr32.exe	regsvr32.exe
PID 3592 wrote to memory of 3620	3592	regsvr32.exe	regsvr32.exe
PID 3620 wrote to memory of 2932	3620	regsvr32.exe	rundll32.exe
PID 3620 wrote to memory of 2932	3620	regsvr32.exe	rundll32.exe
PID 3620 wrote to memory of 2932	3620	regsvr32.exe	rundll32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\d76cd6e30edf764b7f52233a759875bb89f52d9b0bb5511aa62907dcc2151167.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:3592

C:\Windows\SysWOW64\regsvr32.exe
/s C:\Users\Admin\AppData\Local\Temp\d76cd6e30edf764b7f52233a759875bb89f52d9b0bb5511aa62907dcc2151167.dll
2⤵
- Suspicious use of WriteProcessMemory
PID:3620

C:\Windows\SysWOW64\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe "C:\Users\Admin\AppData\Local\Temp\d76cd6e30edf764b7f52233a759875bb89f52d9b0bb5511aa62907dcc2151167.dll",DllRegisterServer
3⤵
PID:2932

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2932-118-0x0000000000000000-mapping.dmp

Download
memory/3620-115-0x0000000000000000-mapping.dmp

Download
memory/3620-116-0x00000000007D1000-0x00000000007F5000-memory.dmp

Filesize
144KB

Download
memory/3620-117-0x00000000007F5000-0x00000000007F6000-memory.dmp

Filesize
4KB

Download