a40f108c6fb577966b23472097f117b876ea3f7b6439be85e57fe29bb6ee5749 | Triage

Analysis

max time kernel
121s
max time network
125s
platform
windows10_x64
resource
win10-en-20211208
submitted
15-01-2022 01:42

Sharing

Report Analysis Logs

General

Target

a40f108c6fb577966b23472097f117b876ea3f7b6439be85e57fe29bb6ee5749.dll
Size

574KB
MD5

ad1765b1712e36afa254ae29283b5963
SHA1

935911cb0a92b2c60493e447477b9535ecf3d394
SHA256

a40f108c6fb577966b23472097f117b876ea3f7b6439be85e57fe29bb6ee5749
SHA512

06cd5a751bc7227c92cba1f351950c55704df88f1c2e515f3bb0dfd3a3ce68f4ed1287b1c5a2f84aacae39c8eb64138b454fc30c89ab3a64917419ac42f2cd28

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 6 IoCs

Processes:

regsvr32.exeregsvr32.exe

description	pid	process	target process
PID 2760 wrote to memory of 2784	2760	regsvr32.exe	regsvr32.exe
PID 2760 wrote to memory of 2784	2760	regsvr32.exe	regsvr32.exe
PID 2760 wrote to memory of 2784	2760	regsvr32.exe	regsvr32.exe
PID 2784 wrote to memory of 3748	2784	regsvr32.exe	rundll32.exe
PID 2784 wrote to memory of 3748	2784	regsvr32.exe	rundll32.exe
PID 2784 wrote to memory of 3748	2784	regsvr32.exe	rundll32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\a40f108c6fb577966b23472097f117b876ea3f7b6439be85e57fe29bb6ee5749.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2760

C:\Windows\SysWOW64\regsvr32.exe
/s C:\Users\Admin\AppData\Local\Temp\a40f108c6fb577966b23472097f117b876ea3f7b6439be85e57fe29bb6ee5749.dll
2⤵
- Suspicious use of WriteProcessMemory
PID:2784

C:\Windows\SysWOW64\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe "C:\Users\Admin\AppData\Local\Temp\a40f108c6fb577966b23472097f117b876ea3f7b6439be85e57fe29bb6ee5749.dll",DllRegisterServer
3⤵
PID:3748

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2784-115-0x0000000000000000-mapping.dmp

Download
memory/2784-117-0x0000000003005000-0x0000000003006000-memory.dmp

Filesize
4KB

Download
memory/2784-116-0x0000000002FE1000-0x0000000003005000-memory.dmp

Filesize
144KB

Download
memory/3748-118-0x0000000000000000-mapping.dmp

Download