93bdd726a35fe367f144c8b175ae5a073438e533981e0c2c7753bd8bb5acac75 | Triage

Analysis

max time kernel
122s
max time network
126s
platform
windows10_x64
resource
win10-en-20211208
submitted
15-01-2022 01:42

Sharing

Report Analysis Logs

General

Target

93bdd726a35fe367f144c8b175ae5a073438e533981e0c2c7753bd8bb5acac75.dll
Size

574KB
MD5

9de617ef9e292fc16d7425d79ff11dbf
SHA1

2d7bde721a70ed3c81af60979a3bf1fc414321b3
SHA256

93bdd726a35fe367f144c8b175ae5a073438e533981e0c2c7753bd8bb5acac75
SHA512

f87dcc620411bffa3ad4f9d87f09a790710c7174a23013db4020cb03059b58ab627455c78abd3c18908e40dd92eeb55c92ddd82006d8a9261d92e6586f691dcf

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 6 IoCs

Processes:

regsvr32.exeregsvr32.exe

description	pid	process	target process
PID 2764 wrote to memory of 2800	2764	regsvr32.exe	regsvr32.exe
PID 2764 wrote to memory of 2800	2764	regsvr32.exe	regsvr32.exe
PID 2764 wrote to memory of 2800	2764	regsvr32.exe	regsvr32.exe
PID 2800 wrote to memory of 2184	2800	regsvr32.exe	rundll32.exe
PID 2800 wrote to memory of 2184	2800	regsvr32.exe	rundll32.exe
PID 2800 wrote to memory of 2184	2800	regsvr32.exe	rundll32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\93bdd726a35fe367f144c8b175ae5a073438e533981e0c2c7753bd8bb5acac75.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2764

C:\Windows\SysWOW64\regsvr32.exe
/s C:\Users\Admin\AppData\Local\Temp\93bdd726a35fe367f144c8b175ae5a073438e533981e0c2c7753bd8bb5acac75.dll
2⤵
- Suspicious use of WriteProcessMemory
PID:2800

C:\Windows\SysWOW64\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe "C:\Users\Admin\AppData\Local\Temp\93bdd726a35fe367f144c8b175ae5a073438e533981e0c2c7753bd8bb5acac75.dll",DllRegisterServer
3⤵
PID:2184

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2184-118-0x0000000000000000-mapping.dmp

Download
memory/2800-115-0x0000000000000000-mapping.dmp

Download
memory/2800-116-0x0000000000AE1000-0x0000000000B05000-memory.dmp

Filesize
144KB

Download
memory/2800-117-0x0000000000B05000-0x0000000000B06000-memory.dmp

Filesize
4KB

Download