Analysis
max time kernel: 118s
max time network: 121s
platform: windows10_x64
resource: win10-en-20211208
submitted: 15-01-2022 01:44
Static task: static1
Behavioral task: behavioral1
Sample: 94ec99c214e960e3659208d061ea6b5a3ded57afe66b85e0314524e712e46d3f.dll
Resource: win10-en-20211208
windows10_x64
0 signatures
0 seconds
General
Target: 94ec99c214e960e3659208d061ea6b5a3ded57afe66b85e0314524e712e46d3f.dll
Size: 574KB
MD5: 8cae84cdbfab74d4d42fbab5500c3f0d
SHA1: 410fad7b472dc8090d1789e36be25f094f7af012
SHA256: 94ec99c214e960e3659208d061ea6b5a3ded57afe66b85e0314524e712e46d3f
SHA512: 3b687a345c0510954b57c0e675802e05c844c0c67bbb1556b8d69657b92876baa66e13a1ad1216a543ee0df3b721488811e4540184b7c95d380f1b99f556cf73
Score: 1/10
Malware Config
Signatures
Suspicious use of WriteProcessMemory (6 IoCs)
Processes: regsvr32.exe, regsvr32.exe
description                        pid    process        target process
PID 1204 wrote to memory of 1384   1204   regsvr32.exe   regsvr32.exe
PID 1204 wrote to memory of 1384   1204   regsvr32.exe   regsvr32.exe
PID 1204 wrote to memory of 1384   1204   regsvr32.exe   regsvr32.exe
PID 1384 wrote to memory of 504    1384   regsvr32.exe   rundll32.exe
PID 1384 wrote to memory of 504    1384   regsvr32.exe   rundll32.exe
PID 1384 wrote to memory of 504    1384   regsvr32.exe   rundll32.exe
Processes
C:\Windows\system32\regsvr32.exe
  command line: regsvr32 /s C:\Users\Admin\AppData\Local\Temp\94ec99c214e960e3659208d061ea6b5a3ded57afe66b85e0314524e712e46d3f.dll
  - Suspicious use of WriteProcessMemory
  C:\Windows\SysWOW64\regsvr32.exe
    command line: /s C:\Users\Admin\AppData\Local\Temp\94ec99c214e960e3659208d061ea6b5a3ded57afe66b85e0314524e712e46d3f.dll
    - Suspicious use of WriteProcessMemory
    C:\Windows\SysWOW64\rundll32.exe
      command line: C:\Windows\SysWOW64\rundll32.exe "C:\Users\Admin\AppData\Local\Temp\94ec99c214e960e3659208d061ea6b5a3ded57afe66b85e0314524e712e46d3f.dll",DllRegisterServer