26781267bdf05e61e0660da8576e243af5b374dfe18ab8352305972dd4b76cbf | Triage

Analysis

max time kernel
119s
max time network
120s
platform
windows10_x64
resource
win10-en-20211208
submitted
15-01-2022 01:47

Sharing

Report Analysis Logs

General

Target

26781267bdf05e61e0660da8576e243af5b374dfe18ab8352305972dd4b76cbf.dll
Size

574KB
MD5

117e470202083d4eabfd2472748741aa
SHA1

df3a02273cc816b501e3c72ddc9f71698dcba079
SHA256

26781267bdf05e61e0660da8576e243af5b374dfe18ab8352305972dd4b76cbf
SHA512

ee4c2b0d990d0e2d9e8d43769fb8a88b048c9708706a5db8f7f4294377ec2f809c8a945596533c554e9c5ea1ff6cbd66770164a9be73c5062f593ca5cee2fe50

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 6 IoCs

Processes:

regsvr32.exeregsvr32.exe

description	pid	process	target process
PID 3208 wrote to memory of 3116	3208	regsvr32.exe	regsvr32.exe
PID 3208 wrote to memory of 3116	3208	regsvr32.exe	regsvr32.exe
PID 3208 wrote to memory of 3116	3208	regsvr32.exe	regsvr32.exe
PID 3116 wrote to memory of 3188	3116	regsvr32.exe	rundll32.exe
PID 3116 wrote to memory of 3188	3116	regsvr32.exe	rundll32.exe
PID 3116 wrote to memory of 3188	3116	regsvr32.exe	rundll32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\26781267bdf05e61e0660da8576e243af5b374dfe18ab8352305972dd4b76cbf.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:3208

C:\Windows\SysWOW64\regsvr32.exe
/s C:\Users\Admin\AppData\Local\Temp\26781267bdf05e61e0660da8576e243af5b374dfe18ab8352305972dd4b76cbf.dll
2⤵
- Suspicious use of WriteProcessMemory
PID:3116

C:\Windows\SysWOW64\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe "C:\Users\Admin\AppData\Local\Temp\26781267bdf05e61e0660da8576e243af5b374dfe18ab8352305972dd4b76cbf.dll",DllRegisterServer
3⤵
PID:3188

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3116-115-0x0000000000000000-mapping.dmp

Download
memory/3116-117-0x00000000032E5000-0x00000000032E6000-memory.dmp

Filesize
4KB

Download
memory/3116-116-0x00000000032C1000-0x00000000032E5000-memory.dmp

Filesize
144KB

Download
memory/3188-118-0x0000000000000000-mapping.dmp

Download