25e523f07fe3ed6123e346fd2ac92eaa214b55bed6caac56b574243608af8679 | Triage

Analysis

max time kernel
110s
max time network
122s
platform
windows10_x64
resource
win10-en-20211208
submitted
15-01-2022 01:49

Sharing

Report Analysis Logs

General

Target

25e523f07fe3ed6123e346fd2ac92eaa214b55bed6caac56b574243608af8679.dll
Size

574KB
MD5

1d9f4b16cb98f99e8771b84e4883fee8
SHA1

d717a44b9a0d2142963f6e3991a39747844fbf53
SHA256

25e523f07fe3ed6123e346fd2ac92eaa214b55bed6caac56b574243608af8679
SHA512

1a33fd6ac403848080ae85a7a68e053ed443080e2ef9cc5d1eb999f5ba559f058eab66a9c421fa4fcf9f6a8f1e95999d7afcab3f247d5bcfe3e2d5e342437e2c

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 6 IoCs

Processes:

regsvr32.exeregsvr32.exe

description	pid	process	target process
PID 2728 wrote to memory of 3116	2728	regsvr32.exe	regsvr32.exe
PID 2728 wrote to memory of 3116	2728	regsvr32.exe	regsvr32.exe
PID 2728 wrote to memory of 3116	2728	regsvr32.exe	regsvr32.exe
PID 3116 wrote to memory of 1888	3116	regsvr32.exe	rundll32.exe
PID 3116 wrote to memory of 1888	3116	regsvr32.exe	rundll32.exe
PID 3116 wrote to memory of 1888	3116	regsvr32.exe	rundll32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\25e523f07fe3ed6123e346fd2ac92eaa214b55bed6caac56b574243608af8679.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2728

C:\Windows\SysWOW64\regsvr32.exe
/s C:\Users\Admin\AppData\Local\Temp\25e523f07fe3ed6123e346fd2ac92eaa214b55bed6caac56b574243608af8679.dll
2⤵
- Suspicious use of WriteProcessMemory
PID:3116

C:\Windows\SysWOW64\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe "C:\Users\Admin\AppData\Local\Temp\25e523f07fe3ed6123e346fd2ac92eaa214b55bed6caac56b574243608af8679.dll",DllRegisterServer
3⤵
PID:1888

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1888-118-0x0000000000000000-mapping.dmp

Download
memory/3116-115-0x0000000000000000-mapping.dmp

Download
memory/3116-116-0x0000000000681000-0x00000000006A5000-memory.dmp

Filesize
144KB

Download
memory/3116-117-0x00000000006A5000-0x00000000006A6000-memory.dmp

Filesize
4KB

Download