c74a103d85137fe73ec0c3e64530e9d5edafd61fa3d57e956d1b8d18c6959ff9
General
Target
Filesize
Completed
c74a103d85137fe73ec0c3e64530e9d5edafd61fa3d57e956d1b8d18c6959ff9.dll
574KB
15-01-2022 01:47
Score
1/10
MD5
SHA1
SHA256
2e706b25892d1bf91fbd67ed9fc084c3
b4c7e15fb8efaeca569124b91fbd576829f7c3c6
c74a103d85137fe73ec0c3e64530e9d5edafd61fa3d57e956d1b8d18c6959ff9
Malware Config
Signatures 1
Filter: none
-
Suspicious use of WriteProcessMemoryregsvr32.exeregsvr32.exe
Reported IOCs
description pid process target process PID 2584 wrote to memory of 2604 2584 regsvr32.exe regsvr32.exe PID 2584 wrote to memory of 2604 2584 regsvr32.exe regsvr32.exe PID 2584 wrote to memory of 2604 2584 regsvr32.exe regsvr32.exe PID 2604 wrote to memory of 3760 2604 regsvr32.exe rundll32.exe PID 2604 wrote to memory of 3760 2604 regsvr32.exe rundll32.exe PID 2604 wrote to memory of 3760 2604 regsvr32.exe rundll32.exe
Processes 3
-
C:\Windows\system32\regsvr32.exePID:2584regsvr32 /s C:\Users\Admin\AppData\Local\Temp\c74a103d85137fe73ec0c3e64530e9d5edafd61fa3d57e956d1b8d18c6959ff9.dllSuspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\regsvr32.exePID:2604/s C:\Users\Admin\AppData\Local\Temp\c74a103d85137fe73ec0c3e64530e9d5edafd61fa3d57e956d1b8d18c6959ff9.dllSuspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exePID:3760C:\Windows\SysWOW64\rundll32.exe "C:\Users\Admin\AppData\Local\Temp\c74a103d85137fe73ec0c3e64530e9d5edafd61fa3d57e956d1b8d18c6959ff9.dll",DllRegisterServer
Network
MITRE ATT&CK Matrix
Collection
Command and Control
Credential Access
Defense Evasion
Discovery
Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Persistence
Privilege Escalation
Replay Monitor
00:00
00:00
Downloads
-
memory/2604-115-0x0000000000000000-mapping.dmp
-
memory/2604-117-0x0000000002F75000-0x0000000002F76000-memory.dmp
-
memory/2604-116-0x0000000002F51000-0x0000000002F75000-memory.dmp
-
memory/3760-118-0x0000000000000000-mapping.dmp
Title
Loading data