63a54679203c22821fcf36e50c36ea0b00047b005086482aa30f2c82a8e10a37 | Triage

Analysis

max time kernel
78s
max time network
122s
platform
windows10_x64
resource
win10-en-20211208
submitted
15-01-2022 01:45

Sharing

Report Analysis Logs

General

Target

63a54679203c22821fcf36e50c36ea0b00047b005086482aa30f2c82a8e10a37.dll
Size

574KB
MD5

46c55eeb0010cc3bf0a8bf1789acbaf0
SHA1

b3ec2edbc179f320d25e058cbde2bc7b220b0ca1
SHA256

63a54679203c22821fcf36e50c36ea0b00047b005086482aa30f2c82a8e10a37
SHA512

76566f81f9f698bd8c4701d528f3f8e315d5b49c6c7f664b783efcaaedd5f5778096146ddfd3c8e36ca8c58169aa0e1781cf4ef15d9bc46fed2f323c9d1de97f

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 6 IoCs

Processes:

regsvr32.exeregsvr32.exe

description	pid	process	target process
PID 2584 wrote to memory of 2648	2584	regsvr32.exe	regsvr32.exe
PID 2584 wrote to memory of 2648	2584	regsvr32.exe	regsvr32.exe
PID 2584 wrote to memory of 2648	2584	regsvr32.exe	regsvr32.exe
PID 2648 wrote to memory of 3444	2648	regsvr32.exe	rundll32.exe
PID 2648 wrote to memory of 3444	2648	regsvr32.exe	rundll32.exe
PID 2648 wrote to memory of 3444	2648	regsvr32.exe	rundll32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\63a54679203c22821fcf36e50c36ea0b00047b005086482aa30f2c82a8e10a37.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2584

C:\Windows\SysWOW64\regsvr32.exe
/s C:\Users\Admin\AppData\Local\Temp\63a54679203c22821fcf36e50c36ea0b00047b005086482aa30f2c82a8e10a37.dll
2⤵
- Suspicious use of WriteProcessMemory
PID:2648

C:\Windows\SysWOW64\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe "C:\Users\Admin\AppData\Local\Temp\63a54679203c22821fcf36e50c36ea0b00047b005086482aa30f2c82a8e10a37.dll",DllRegisterServer
3⤵
PID:3444

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2648-115-0x0000000000000000-mapping.dmp

Download
memory/2648-117-0x00000000005C5000-0x00000000005C6000-memory.dmp

Filesize
4KB

Download
memory/2648-116-0x00000000005A1000-0x00000000005C5000-memory.dmp

Filesize
144KB

Download
memory/3444-118-0x0000000000000000-mapping.dmp

Download