c74a103d85137fe73ec0c3e64530e9d5edafd61fa3d57e956d1b8d18c6959ff9 | Triage

Analysis

max time kernel
119s
max time network
121s
platform
windows10_x64
resource
win10-en-20211208
submitted
15-01-2022 01:45

Sharing

Report Analysis Logs

General

Target

c74a103d85137fe73ec0c3e64530e9d5edafd61fa3d57e956d1b8d18c6959ff9.dll
Size

574KB
MD5

2e706b25892d1bf91fbd67ed9fc084c3
SHA1

b4c7e15fb8efaeca569124b91fbd576829f7c3c6
SHA256

c74a103d85137fe73ec0c3e64530e9d5edafd61fa3d57e956d1b8d18c6959ff9
SHA512

baffdc486502fe2f0d22251c8ee2cd1e337f011938b6128669dd1b8d2aafcc4700f64e9884708ba9ae628466805e13453970cc3c06a1f775e42e4071a07ce12a

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 6 IoCs

Processes:

regsvr32.exeregsvr32.exe

description	pid	process	target process
PID 2584 wrote to memory of 2604	2584	regsvr32.exe	regsvr32.exe
PID 2584 wrote to memory of 2604	2584	regsvr32.exe	regsvr32.exe
PID 2584 wrote to memory of 2604	2584	regsvr32.exe	regsvr32.exe
PID 2604 wrote to memory of 3760	2604	regsvr32.exe	rundll32.exe
PID 2604 wrote to memory of 3760	2604	regsvr32.exe	rundll32.exe
PID 2604 wrote to memory of 3760	2604	regsvr32.exe	rundll32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\c74a103d85137fe73ec0c3e64530e9d5edafd61fa3d57e956d1b8d18c6959ff9.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2584

C:\Windows\SysWOW64\regsvr32.exe
/s C:\Users\Admin\AppData\Local\Temp\c74a103d85137fe73ec0c3e64530e9d5edafd61fa3d57e956d1b8d18c6959ff9.dll
2⤵
- Suspicious use of WriteProcessMemory
PID:2604

C:\Windows\SysWOW64\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe "C:\Users\Admin\AppData\Local\Temp\c74a103d85137fe73ec0c3e64530e9d5edafd61fa3d57e956d1b8d18c6959ff9.dll",DllRegisterServer
3⤵
PID:3760

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2604-115-0x0000000000000000-mapping.dmp

Download
memory/2604-117-0x0000000002F75000-0x0000000002F76000-memory.dmp

Filesize
4KB

Download
memory/2604-116-0x0000000002F51000-0x0000000002F75000-memory.dmp

Filesize
144KB

Download
memory/3760-118-0x0000000000000000-mapping.dmp

Download