df98d9f9e8fa2d25d4542cbefd22f5b2d06c27f30f22c6a4585c595f9fc5fee8 | Triage

Analysis

max time kernel
121s
max time network
127s
platform
windows10_x64
resource
win10-en-20211208
submitted
15-01-2022 01:45

Sharing

Report Analysis Logs

General

Target

df98d9f9e8fa2d25d4542cbefd22f5b2d06c27f30f22c6a4585c595f9fc5fee8.dll
Size

574KB
MD5

cc0f99d0366aa8701b893da8a7a4d687
SHA1

d69bc10e77bfe3f4923b62cdb4f31ba6c3dc1d58
SHA256

df98d9f9e8fa2d25d4542cbefd22f5b2d06c27f30f22c6a4585c595f9fc5fee8
SHA512

42464b4f74b75c29d1c11f41a22a204c488239442431a3466e334ceedcc0e9d6ae560b82c45a51e6d3a8704f293b29eb63a544291e989e92404f21752bd7ea44

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 6 IoCs

Processes:

regsvr32.exeregsvr32.exe

description	pid	process	target process
PID 2408 wrote to memory of 2468	2408	regsvr32.exe	regsvr32.exe
PID 2408 wrote to memory of 2468	2408	regsvr32.exe	regsvr32.exe
PID 2408 wrote to memory of 2468	2408	regsvr32.exe	regsvr32.exe
PID 2468 wrote to memory of 2112	2468	regsvr32.exe	rundll32.exe
PID 2468 wrote to memory of 2112	2468	regsvr32.exe	rundll32.exe
PID 2468 wrote to memory of 2112	2468	regsvr32.exe	rundll32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\df98d9f9e8fa2d25d4542cbefd22f5b2d06c27f30f22c6a4585c595f9fc5fee8.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2408

C:\Windows\SysWOW64\regsvr32.exe
/s C:\Users\Admin\AppData\Local\Temp\df98d9f9e8fa2d25d4542cbefd22f5b2d06c27f30f22c6a4585c595f9fc5fee8.dll
2⤵
- Suspicious use of WriteProcessMemory
PID:2468

C:\Windows\SysWOW64\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe "C:\Users\Admin\AppData\Local\Temp\df98d9f9e8fa2d25d4542cbefd22f5b2d06c27f30f22c6a4585c595f9fc5fee8.dll",DllRegisterServer
3⤵
PID:2112

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2112-119-0x0000000000000000-mapping.dmp

Download
memory/2468-116-0x0000000000000000-mapping.dmp

Download
memory/2468-118-0x0000000003465000-0x0000000003466000-memory.dmp

Filesize
4KB

Download
memory/2468-117-0x0000000003441000-0x0000000003465000-memory.dmp

Filesize
144KB

Download