93bdd726a35fe367f144c8b175ae5a073438e533981e0c2c7753bd8bb5acac75
General
Target
Filesize
Completed
93bdd726a35fe367f144c8b175ae5a073438e533981e0c2c7753bd8bb5acac75.dll
574KB
15-01-2022 01:44
Score
1/10
MD5
SHA1
SHA256
9de617ef9e292fc16d7425d79ff11dbf
2d7bde721a70ed3c81af60979a3bf1fc414321b3
93bdd726a35fe367f144c8b175ae5a073438e533981e0c2c7753bd8bb5acac75
Malware Config
Signatures 1
Filter: none
-
Suspicious use of WriteProcessMemoryregsvr32.exeregsvr32.exe
Reported IOCs
description pid process target process PID 2764 wrote to memory of 2800 2764 regsvr32.exe regsvr32.exe PID 2764 wrote to memory of 2800 2764 regsvr32.exe regsvr32.exe PID 2764 wrote to memory of 2800 2764 regsvr32.exe regsvr32.exe PID 2800 wrote to memory of 2184 2800 regsvr32.exe rundll32.exe PID 2800 wrote to memory of 2184 2800 regsvr32.exe rundll32.exe PID 2800 wrote to memory of 2184 2800 regsvr32.exe rundll32.exe
Processes 3
-
C:\Windows\system32\regsvr32.exePID:2764regsvr32 /s C:\Users\Admin\AppData\Local\Temp\93bdd726a35fe367f144c8b175ae5a073438e533981e0c2c7753bd8bb5acac75.dllSuspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\regsvr32.exePID:2800/s C:\Users\Admin\AppData\Local\Temp\93bdd726a35fe367f144c8b175ae5a073438e533981e0c2c7753bd8bb5acac75.dllSuspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exePID:2184C:\Windows\SysWOW64\rundll32.exe "C:\Users\Admin\AppData\Local\Temp\93bdd726a35fe367f144c8b175ae5a073438e533981e0c2c7753bd8bb5acac75.dll",DllRegisterServer
Network
MITRE ATT&CK Matrix
Collection
Command and Control
Credential Access
Defense Evasion
Discovery
Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Persistence
Privilege Escalation
Replay Monitor
00:00
00:00
Downloads
-
memory/2184-118-0x0000000000000000-mapping.dmp
-
memory/2800-115-0x0000000000000000-mapping.dmp
-
memory/2800-116-0x0000000000AE1000-0x0000000000B05000-memory.dmp
-
memory/2800-117-0x0000000000B05000-0x0000000000B06000-memory.dmp
Title
Loading data