0522d14be416f1bbe2f7c05f9553294a87dc0f387336cc5649e312ac567398e1
General
Target
Filesize
Completed
0522d14be416f1bbe2f7c05f9553294a87dc0f387336cc5649e312ac567398e1.dll
574KB
15-01-2022 01:47
Score
1/10
MD5
SHA1
SHA256
a93e323c015735e3224b3cee872d6298
b98fa38356b94e4bdb9f44c7b80528a8185da0dc
0522d14be416f1bbe2f7c05f9553294a87dc0f387336cc5649e312ac567398e1
Malware Config
Signatures 1
Filter: none
-
Suspicious use of WriteProcessMemoryregsvr32.exeregsvr32.exe
Reported IOCs
description pid process target process PID 2448 wrote to memory of 912 2448 regsvr32.exe regsvr32.exe PID 2448 wrote to memory of 912 2448 regsvr32.exe regsvr32.exe PID 2448 wrote to memory of 912 2448 regsvr32.exe regsvr32.exe PID 912 wrote to memory of 1324 912 regsvr32.exe rundll32.exe PID 912 wrote to memory of 1324 912 regsvr32.exe rundll32.exe PID 912 wrote to memory of 1324 912 regsvr32.exe rundll32.exe
Processes 3
-
C:\Windows\system32\regsvr32.exePID:2448regsvr32 /s C:\Users\Admin\AppData\Local\Temp\0522d14be416f1bbe2f7c05f9553294a87dc0f387336cc5649e312ac567398e1.dllSuspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\regsvr32.exePID:912/s C:\Users\Admin\AppData\Local\Temp\0522d14be416f1bbe2f7c05f9553294a87dc0f387336cc5649e312ac567398e1.dllSuspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exePID:1324C:\Windows\SysWOW64\rundll32.exe "C:\Users\Admin\AppData\Local\Temp\0522d14be416f1bbe2f7c05f9553294a87dc0f387336cc5649e312ac567398e1.dll",DllRegisterServer
Network
MITRE ATT&CK Matrix
Collection
Command and Control
Credential Access
Defense Evasion
Discovery
Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Persistence
Privilege Escalation
Replay Monitor
00:00
00:00
Downloads
-
memory/912-115-0x0000000000000000-mapping.dmp
-
memory/912-117-0x00000000007B5000-0x00000000007B6000-memory.dmp
-
memory/912-116-0x0000000000791000-0x00000000007B5000-memory.dmp
-
memory/1324-118-0x0000000000000000-mapping.dmp
Title
Loading data