3520878d12fec8f7551b20ad31d067d9ea3be19c7cd48232213662f24eff994f | Triage

Analysis

max time kernel
119s
max time network
126s
platform
windows10_x64
resource
win10-en-20211208
submitted
15-01-2022 01:45

Sharing

Report Analysis Logs

General

Target

3520878d12fec8f7551b20ad31d067d9ea3be19c7cd48232213662f24eff994f.dll
Size

574KB
MD5

91fca0bee57f8e0b963df4b6bfe5587c
SHA1

ae046e3a69f965a217eb63b609dd55e33a4f23c6
SHA256

3520878d12fec8f7551b20ad31d067d9ea3be19c7cd48232213662f24eff994f
SHA512

20f759b676babaa81c3d1f3fe464bc8a5ed9eb80504d8765a207e5af09004e53f25f18c161ef2d6f6d80c0a228f67493c7caeccb18fffa115c248005f840e06b

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 6 IoCs

Processes:

regsvr32.exeregsvr32.exe

description	pid	process	target process
PID 2532 wrote to memory of 2736	2532	regsvr32.exe	regsvr32.exe
PID 2532 wrote to memory of 2736	2532	regsvr32.exe	regsvr32.exe
PID 2532 wrote to memory of 2736	2532	regsvr32.exe	regsvr32.exe
PID 2736 wrote to memory of 3032	2736	regsvr32.exe	rundll32.exe
PID 2736 wrote to memory of 3032	2736	regsvr32.exe	rundll32.exe
PID 2736 wrote to memory of 3032	2736	regsvr32.exe	rundll32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\3520878d12fec8f7551b20ad31d067d9ea3be19c7cd48232213662f24eff994f.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2532

C:\Windows\SysWOW64\regsvr32.exe
/s C:\Users\Admin\AppData\Local\Temp\3520878d12fec8f7551b20ad31d067d9ea3be19c7cd48232213662f24eff994f.dll
2⤵
- Suspicious use of WriteProcessMemory
PID:2736

C:\Windows\SysWOW64\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe "C:\Users\Admin\AppData\Local\Temp\3520878d12fec8f7551b20ad31d067d9ea3be19c7cd48232213662f24eff994f.dll",DllRegisterServer
3⤵
PID:3032

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2736-115-0x0000000000000000-mapping.dmp

Download
memory/2736-116-0x0000000003F91000-0x0000000003FB5000-memory.dmp

Filesize
144KB

Download
memory/2736-117-0x0000000003FB5000-0x0000000003FB6000-memory.dmp

Filesize
4KB

Download
memory/3032-118-0x0000000000000000-mapping.dmp

Download