Analysis
max time kernel: 123s
max time network: 122s
platform: windows10_x64
resource: win10-en-20211208
submitted: 15-01-2022 01:45
Static task
static1
Behavioral task
behavioral1
Sample
82989b740c9f3d3432108ea4bab5a59016ece08eb0a655a1d24ad2aaa0f863f7.dll
Resource
win10-en-20211208
windows10_x64
0 signatures
0 seconds
General
Target: 82989b740c9f3d3432108ea4bab5a59016ece08eb0a655a1d24ad2aaa0f863f7.dll
Size: 574KB
MD5: 0839439267151781c0a5c1f1dae20aa3
SHA1: 8ea5b7bafa3c583239af7046d55ccf9bd02a2e20
SHA256: 82989b740c9f3d3432108ea4bab5a59016ece08eb0a655a1d24ad2aaa0f863f7
SHA512: 2a201ed202cef621f5bfce7ee803f3396625f944e2eb47c4155e372b209cbf7ab2820932d49d2dbb7ed1c8a2a59aa80d05bd80f2e70c81979fb5ef8eb8d2922d
Score
1/10
Malware Config
Signatures
- Suspicious use of WriteProcessMemory 6 IoCs
Processes:
regsvr32.exe
regsvr32.exe
description | pid | process | target process
PID 2784 wrote to memory of 4056 | 2784 | regsvr32.exe | regsvr32.exe
PID 2784 wrote to memory of 4056 | 2784 | regsvr32.exe | regsvr32.exe
PID 2784 wrote to memory of 4056 | 2784 | regsvr32.exe | regsvr32.exe
PID 4056 wrote to memory of 652 | 4056 | regsvr32.exe | rundll32.exe
PID 4056 wrote to memory of 652 | 4056 | regsvr32.exe | rundll32.exe
PID 4056 wrote to memory of 652 | 4056 | regsvr32.exe | rundll32.exe
Processes
- C:\Windows\system32\regsvr32.exe
  regsvr32 /s C:\Users\Admin\AppData\Local\Temp\82989b740c9f3d3432108ea4bab5a59016ece08eb0a655a1d24ad2aaa0f863f7.dll
  - Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\regsvr32.exe
    /s C:\Users\Admin\AppData\Local\Temp\82989b740c9f3d3432108ea4bab5a59016ece08eb0a655a1d24ad2aaa0f863f7.dll
    - Suspicious use of WriteProcessMemory
    - C:\Windows\SysWOW64\rundll32.exe
      C:\Windows\SysWOW64\rundll32.exe "C:\Users\Admin\AppData\Local\Temp\82989b740c9f3d3432108ea4bab5a59016ece08eb0a655a1d24ad2aaa0f863f7.dll",DllRegisterServer