deeac6b58fdfe54d2fa8a032520a07afa1b8223ece56cb495a0889b9bf527a16 | Triage

Analysis

max time kernel
119s
max time network
123s
platform
windows10_x64
resource
win10-en-20211208
submitted
15-01-2022 01:42

Sharing

Report Analysis Logs

General

Target

deeac6b58fdfe54d2fa8a032520a07afa1b8223ece56cb495a0889b9bf527a16.dll
Size

574KB
MD5

be5816dd508cc42772645be2abb60b53
SHA1

5a2d6e6da425fece032c0b7011ef8c5ca39ce2e5
SHA256

deeac6b58fdfe54d2fa8a032520a07afa1b8223ece56cb495a0889b9bf527a16
SHA512

0690da7cb02816b135301f30b5e33ef65562741b0e2568c3f18a0e3bdba30a16e0234d6eb917ee65f11e86a3beddcc1fa42fb6c14f817fd134f3aeaf1ec3edce

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 6 IoCs

Processes:

regsvr32.exeregsvr32.exe

description	pid	process	target process
PID 3672 wrote to memory of 2616	3672	regsvr32.exe	regsvr32.exe
PID 3672 wrote to memory of 2616	3672	regsvr32.exe	regsvr32.exe
PID 3672 wrote to memory of 2616	3672	regsvr32.exe	regsvr32.exe
PID 2616 wrote to memory of 4016	2616	regsvr32.exe	rundll32.exe
PID 2616 wrote to memory of 4016	2616	regsvr32.exe	rundll32.exe
PID 2616 wrote to memory of 4016	2616	regsvr32.exe	rundll32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\deeac6b58fdfe54d2fa8a032520a07afa1b8223ece56cb495a0889b9bf527a16.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:3672

C:\Windows\SysWOW64\regsvr32.exe
/s C:\Users\Admin\AppData\Local\Temp\deeac6b58fdfe54d2fa8a032520a07afa1b8223ece56cb495a0889b9bf527a16.dll
2⤵
- Suspicious use of WriteProcessMemory
PID:2616

C:\Windows\SysWOW64\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe "C:\Users\Admin\AppData\Local\Temp\deeac6b58fdfe54d2fa8a032520a07afa1b8223ece56cb495a0889b9bf527a16.dll",DllRegisterServer
3⤵
PID:4016

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2616-115-0x0000000000000000-mapping.dmp

Download
memory/2616-117-0x0000000000C85000-0x0000000000C86000-memory.dmp

Filesize
4KB

Download
memory/2616-116-0x0000000000C61000-0x0000000000C85000-memory.dmp

Filesize
144KB

Download
memory/4016-118-0x0000000000000000-mapping.dmp

Download