85351dbac3d56c1b994aa02a9e1d453366a237ac81e898a8aab762bb765a5962
General
Target
Filesize
Completed
85351dbac3d56c1b994aa02a9e1d453366a237ac81e898a8aab762bb765a5962.dll
574KB
15-01-2022 01:44
Score
1/10
MD5
SHA1
SHA256
fb6f55eddc512ce00aebb1d046f36b92
7105d8ea3c4d6bdb30b3f5732525dc119187bec8
85351dbac3d56c1b994aa02a9e1d453366a237ac81e898a8aab762bb765a5962
Malware Config
Signatures 1
Filter: none
-
Suspicious use of WriteProcessMemoryregsvr32.exeregsvr32.exe
Reported IOCs
description pid process target process PID 2424 wrote to memory of 2512 2424 regsvr32.exe regsvr32.exe PID 2424 wrote to memory of 2512 2424 regsvr32.exe regsvr32.exe PID 2424 wrote to memory of 2512 2424 regsvr32.exe regsvr32.exe PID 2512 wrote to memory of 3068 2512 regsvr32.exe rundll32.exe PID 2512 wrote to memory of 3068 2512 regsvr32.exe rundll32.exe PID 2512 wrote to memory of 3068 2512 regsvr32.exe rundll32.exe
Processes 3
-
C:\Windows\system32\regsvr32.exePID:2424regsvr32 /s C:\Users\Admin\AppData\Local\Temp\85351dbac3d56c1b994aa02a9e1d453366a237ac81e898a8aab762bb765a5962.dllSuspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\regsvr32.exePID:2512/s C:\Users\Admin\AppData\Local\Temp\85351dbac3d56c1b994aa02a9e1d453366a237ac81e898a8aab762bb765a5962.dllSuspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exePID:3068C:\Windows\SysWOW64\rundll32.exe "C:\Users\Admin\AppData\Local\Temp\85351dbac3d56c1b994aa02a9e1d453366a237ac81e898a8aab762bb765a5962.dll",DllRegisterServer
Network
MITRE ATT&CK Matrix
Collection
Command and Control
Credential Access
Defense Evasion
Discovery
Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Persistence
Privilege Escalation
Replay Monitor
00:00
00:00
Downloads
-
memory/2512-115-0x0000000000000000-mapping.dmp
-
memory/2512-117-0x0000000000DE5000-0x0000000000DE6000-memory.dmp
-
memory/2512-116-0x0000000000DC1000-0x0000000000DE5000-memory.dmp
-
memory/3068-118-0x0000000000000000-mapping.dmp
Title
Loading data