3520878d12fec8f7551b20ad31d067d9ea3be19c7cd48232213662f24eff994f
General
Target
Filesize
Completed
3520878d12fec8f7551b20ad31d067d9ea3be19c7cd48232213662f24eff994f.dll
574KB
15-01-2022 01:47
Score
1/10
MD5
SHA1
SHA256
91fca0bee57f8e0b963df4b6bfe5587c
ae046e3a69f965a217eb63b609dd55e33a4f23c6
3520878d12fec8f7551b20ad31d067d9ea3be19c7cd48232213662f24eff994f
Malware Config
Signatures 1
Filter: none
-
Suspicious use of WriteProcessMemoryregsvr32.exeregsvr32.exe
Reported IOCs
description pid process target process PID 2532 wrote to memory of 2736 2532 regsvr32.exe regsvr32.exe PID 2532 wrote to memory of 2736 2532 regsvr32.exe regsvr32.exe PID 2532 wrote to memory of 2736 2532 regsvr32.exe regsvr32.exe PID 2736 wrote to memory of 3032 2736 regsvr32.exe rundll32.exe PID 2736 wrote to memory of 3032 2736 regsvr32.exe rundll32.exe PID 2736 wrote to memory of 3032 2736 regsvr32.exe rundll32.exe
Processes 3
-
C:\Windows\system32\regsvr32.exePID:2532regsvr32 /s C:\Users\Admin\AppData\Local\Temp\3520878d12fec8f7551b20ad31d067d9ea3be19c7cd48232213662f24eff994f.dllSuspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\regsvr32.exePID:2736/s C:\Users\Admin\AppData\Local\Temp\3520878d12fec8f7551b20ad31d067d9ea3be19c7cd48232213662f24eff994f.dllSuspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exePID:3032C:\Windows\SysWOW64\rundll32.exe "C:\Users\Admin\AppData\Local\Temp\3520878d12fec8f7551b20ad31d067d9ea3be19c7cd48232213662f24eff994f.dll",DllRegisterServer
Network
MITRE ATT&CK Matrix
Collection
Command and Control
Credential Access
Defense Evasion
Discovery
Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Persistence
Privilege Escalation
Replay Monitor
00:00
00:00
Downloads
-
memory/2736-115-0x0000000000000000-mapping.dmp
-
memory/2736-116-0x0000000003F91000-0x0000000003FB5000-memory.dmp
-
memory/2736-117-0x0000000003FB5000-0x0000000003FB6000-memory.dmp
-
memory/3032-118-0x0000000000000000-mapping.dmp
Title
Loading data