d983513ed0808a4838e45e297655196db97aed89ecd02c5e6ee9f5aa77aebb3b | Triage

Analysis

max time kernel
121s
max time network
126s
platform
windows10_x64
resource
win10-en-20211208
submitted
15-01-2022 01:45

Sharing

Report Analysis Logs

General

Target

d983513ed0808a4838e45e297655196db97aed89ecd02c5e6ee9f5aa77aebb3b.dll
Size

574KB
MD5

45d53ad1f94c69c4e5c346b6e1693812
SHA1

b7a6360987651263819c5a1cf6027d60c7a92f30
SHA256

d983513ed0808a4838e45e297655196db97aed89ecd02c5e6ee9f5aa77aebb3b
SHA512

4aae1759dc8fdad209e0f420c402f49436ece23c50775c4535dd9d41fa9abbb510be22be623dfb15e27b9786458df03c381ac331e5556982c9131d8776a94948

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 6 IoCs

Processes:

regsvr32.exeregsvr32.exe

description	pid	process	target process
PID 3792 wrote to memory of 3160	3792	regsvr32.exe	regsvr32.exe
PID 3792 wrote to memory of 3160	3792	regsvr32.exe	regsvr32.exe
PID 3792 wrote to memory of 3160	3792	regsvr32.exe	regsvr32.exe
PID 3160 wrote to memory of 524	3160	regsvr32.exe	rundll32.exe
PID 3160 wrote to memory of 524	3160	regsvr32.exe	rundll32.exe
PID 3160 wrote to memory of 524	3160	regsvr32.exe	rundll32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\d983513ed0808a4838e45e297655196db97aed89ecd02c5e6ee9f5aa77aebb3b.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:3792

C:\Windows\SysWOW64\regsvr32.exe
/s C:\Users\Admin\AppData\Local\Temp\d983513ed0808a4838e45e297655196db97aed89ecd02c5e6ee9f5aa77aebb3b.dll
2⤵
- Suspicious use of WriteProcessMemory
PID:3160

C:\Windows\SysWOW64\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe "C:\Users\Admin\AppData\Local\Temp\d983513ed0808a4838e45e297655196db97aed89ecd02c5e6ee9f5aa77aebb3b.dll",DllRegisterServer
3⤵
PID:524

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/524-118-0x0000000000000000-mapping.dmp

Download
memory/3160-115-0x0000000000000000-mapping.dmp

Download
memory/3160-117-0x0000000004775000-0x0000000004776000-memory.dmp

Filesize
4KB

Download
memory/3160-116-0x0000000004751000-0x0000000004775000-memory.dmp

Filesize
144KB

Download