5deda744d50ba76e8cde8f0d7737402e4d8f46f22952119dc00aec1c928d8f86
General
Target
Filesize
Completed
5deda744d50ba76e8cde8f0d7737402e4d8f46f22952119dc00aec1c928d8f86.dll
574KB
15-01-2022 01:47
Score
1/10
MD5
SHA1
SHA256
dab114e46255fe871f570cbf62ba8db5
cf36ae8d18749eb72772d6537fb90d458f551270
5deda744d50ba76e8cde8f0d7737402e4d8f46f22952119dc00aec1c928d8f86
Malware Config
Signatures 1
Filter: none
-
Suspicious use of WriteProcessMemoryregsvr32.exeregsvr32.exe
Reported IOCs
description pid process target process PID 3732 wrote to memory of 3320 3732 regsvr32.exe regsvr32.exe PID 3732 wrote to memory of 3320 3732 regsvr32.exe regsvr32.exe PID 3732 wrote to memory of 3320 3732 regsvr32.exe regsvr32.exe PID 3320 wrote to memory of 3524 3320 regsvr32.exe rundll32.exe PID 3320 wrote to memory of 3524 3320 regsvr32.exe rundll32.exe PID 3320 wrote to memory of 3524 3320 regsvr32.exe rundll32.exe
Processes 3
-
C:\Windows\system32\regsvr32.exePID:3732regsvr32 /s C:\Users\Admin\AppData\Local\Temp\5deda744d50ba76e8cde8f0d7737402e4d8f46f22952119dc00aec1c928d8f86.dllSuspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\regsvr32.exePID:3320/s C:\Users\Admin\AppData\Local\Temp\5deda744d50ba76e8cde8f0d7737402e4d8f46f22952119dc00aec1c928d8f86.dllSuspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exePID:3524C:\Windows\SysWOW64\rundll32.exe "C:\Users\Admin\AppData\Local\Temp\5deda744d50ba76e8cde8f0d7737402e4d8f46f22952119dc00aec1c928d8f86.dll",DllRegisterServer
Network
MITRE ATT&CK Matrix
Collection
Command and Control
Credential Access
Defense Evasion
Discovery
Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Persistence
Privilege Escalation
Replay Monitor
00:00
00:00
Downloads
-
memory/3320-115-0x0000000000000000-mapping.dmp
-
memory/3320-117-0x0000000001325000-0x0000000001326000-memory.dmp
-
memory/3320-116-0x0000000001301000-0x0000000001325000-memory.dmp
-
memory/3524-118-0x0000000000000000-mapping.dmp
Title
Loading data