Analysis
max time kernel: 111s
max time network: 130s
platform: windows10_x64
resource: win10-en-20211208
submitted: 15-01-2022 01:42
Static task
static1
Behavioral task
behavioral1
Sample
01518d98837da641869060e50a5f5378794283c263c6d0204f1c926390eb27da.dll
Resource
win10-en-20211208
windows10_x64
0 signatures
0 seconds
General
Target: 01518d98837da641869060e50a5f5378794283c263c6d0204f1c926390eb27da.dll
Size: 574KB
MD5: 4008ffe61698a75542187bcaf095b20b
SHA1: 3a5a726fe0d855a506b76691aa38d8a69cbbc6b4
SHA256: 01518d98837da641869060e50a5f5378794283c263c6d0204f1c926390eb27da
SHA512: 516920a704e110bbb5e9e9bcf13f65d84682eb0e859f3cd52e329af3d0c9d2e850ad68e5c5bfb249c1cfca81c1654e89999540148da22ecc3523dce86e896272
Score: 1/10
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory (6 IoCs)
Processes: regsvr32.exe, regsvr32.exe
description | pid | process | target process
PID 2796 wrote to memory of 2840 | 2796 | regsvr32.exe | regsvr32.exe
PID 2796 wrote to memory of 2840 | 2796 | regsvr32.exe | regsvr32.exe
PID 2796 wrote to memory of 2840 | 2796 | regsvr32.exe | regsvr32.exe
PID 2840 wrote to memory of 2900 | 2840 | regsvr32.exe | rundll32.exe
PID 2840 wrote to memory of 2900 | 2840 | regsvr32.exe | rundll32.exe
PID 2840 wrote to memory of 2900 | 2840 | regsvr32.exe | rundll32.exe
Processes
-
C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\01518d98837da641869060e50a5f5378794283c263c6d0204f1c926390eb27da.dll
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\regsvr32.exe
/s C:\Users\Admin\AppData\Local\Temp\01518d98837da641869060e50a5f5378794283c263c6d0204f1c926390eb27da.dll
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe "C:\Users\Admin\AppData\Local\Temp\01518d98837da641869060e50a5f5378794283c263c6d0204f1c926390eb27da.dll",DllRegisterServer