f514a6cd9bc1c4e8e450b468f543763062b321111ca26d6fe0f3f236a0a93742
General
Target
Filesize
Completed
f514a6cd9bc1c4e8e450b468f543763062b321111ca26d6fe0f3f236a0a93742.dll
574KB
15-01-2022 01:47
Score
1/10
MD5
SHA1
SHA256
b55bd7d7833da0e8284b0794e1858c66
f65890c4555db363b0b51de9405df2d8ad8d6df8
f514a6cd9bc1c4e8e450b468f543763062b321111ca26d6fe0f3f236a0a93742
Malware Config
Signatures 1
Filter: none
-
Suspicious use of WriteProcessMemoryregsvr32.exeregsvr32.exe
Reported IOCs
description pid process target process PID 2708 wrote to memory of 2744 2708 regsvr32.exe regsvr32.exe PID 2708 wrote to memory of 2744 2708 regsvr32.exe regsvr32.exe PID 2708 wrote to memory of 2744 2708 regsvr32.exe regsvr32.exe PID 2744 wrote to memory of 3664 2744 regsvr32.exe rundll32.exe PID 2744 wrote to memory of 3664 2744 regsvr32.exe rundll32.exe PID 2744 wrote to memory of 3664 2744 regsvr32.exe rundll32.exe
Processes 3
-
C:\Windows\system32\regsvr32.exePID:2708regsvr32 /s C:\Users\Admin\AppData\Local\Temp\f514a6cd9bc1c4e8e450b468f543763062b321111ca26d6fe0f3f236a0a93742.dllSuspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\regsvr32.exePID:2744/s C:\Users\Admin\AppData\Local\Temp\f514a6cd9bc1c4e8e450b468f543763062b321111ca26d6fe0f3f236a0a93742.dllSuspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exePID:3664C:\Windows\SysWOW64\rundll32.exe "C:\Users\Admin\AppData\Local\Temp\f514a6cd9bc1c4e8e450b468f543763062b321111ca26d6fe0f3f236a0a93742.dll",DllRegisterServer
Network
MITRE ATT&CK Matrix
Collection
Command and Control
Credential Access
Defense Evasion
Discovery
Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Persistence
Privilege Escalation
Replay Monitor
00:00
00:00
Downloads
-
memory/2744-115-0x0000000000000000-mapping.dmp
-
memory/2744-117-0x0000000000C85000-0x0000000000C86000-memory.dmp
-
memory/2744-116-0x0000000000C61000-0x0000000000C85000-memory.dmp
-
memory/3664-118-0x0000000000000000-mapping.dmp
Title
Loading data