df98d9f9e8fa2d25d4542cbefd22f5b2d06c27f30f22c6a4585c595f9fc5fee8
General
Target
Filesize
Completed
df98d9f9e8fa2d25d4542cbefd22f5b2d06c27f30f22c6a4585c595f9fc5fee8.dll
574KB
15-01-2022 01:47
Score
1/10
MD5
SHA1
SHA256
cc0f99d0366aa8701b893da8a7a4d687
d69bc10e77bfe3f4923b62cdb4f31ba6c3dc1d58
df98d9f9e8fa2d25d4542cbefd22f5b2d06c27f30f22c6a4585c595f9fc5fee8
Malware Config
Signatures 1
Filter: none
-
Suspicious use of WriteProcessMemoryregsvr32.exeregsvr32.exe
Reported IOCs
description pid process target process PID 2408 wrote to memory of 2468 2408 regsvr32.exe regsvr32.exe PID 2408 wrote to memory of 2468 2408 regsvr32.exe regsvr32.exe PID 2408 wrote to memory of 2468 2408 regsvr32.exe regsvr32.exe PID 2468 wrote to memory of 2112 2468 regsvr32.exe rundll32.exe PID 2468 wrote to memory of 2112 2468 regsvr32.exe rundll32.exe PID 2468 wrote to memory of 2112 2468 regsvr32.exe rundll32.exe
Processes 3
-
C:\Windows\system32\regsvr32.exePID:2408regsvr32 /s C:\Users\Admin\AppData\Local\Temp\df98d9f9e8fa2d25d4542cbefd22f5b2d06c27f30f22c6a4585c595f9fc5fee8.dllSuspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\regsvr32.exePID:2468/s C:\Users\Admin\AppData\Local\Temp\df98d9f9e8fa2d25d4542cbefd22f5b2d06c27f30f22c6a4585c595f9fc5fee8.dllSuspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exePID:2112C:\Windows\SysWOW64\rundll32.exe "C:\Users\Admin\AppData\Local\Temp\df98d9f9e8fa2d25d4542cbefd22f5b2d06c27f30f22c6a4585c595f9fc5fee8.dll",DllRegisterServer
Network
MITRE ATT&CK Matrix
Collection
Command and Control
Credential Access
Defense Evasion
Discovery
Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Persistence
Privilege Escalation
Replay Monitor
00:00
00:00
Downloads
-
memory/2112-119-0x0000000000000000-mapping.dmp
-
memory/2468-116-0x0000000000000000-mapping.dmp
-
memory/2468-118-0x0000000003465000-0x0000000003466000-memory.dmp
-
memory/2468-117-0x0000000003441000-0x0000000003465000-memory.dmp
Title
Loading data