f25ac40d3bee5cbf64ed6fe1ac3b9a93ee779762b172c22470876711ac8aeba5 | Triage

Analysis

max time kernel
119s
max time network
118s
platform
windows10_x64
resource
win10-en-20211208
submitted
15-01-2022 01:49

Sharing

Report Analysis Logs

General

Target

f25ac40d3bee5cbf64ed6fe1ac3b9a93ee779762b172c22470876711ac8aeba5.dll
Size

574KB
MD5

86de780499db370b15c058601edc1d94
SHA1

7d74329da0a5ab4f8933aa3f6ac9793bded3f7b2
SHA256

f25ac40d3bee5cbf64ed6fe1ac3b9a93ee779762b172c22470876711ac8aeba5
SHA512

acf32178918458dd61baac46b67fd935134185b15cef6e19b753b8d4d0fe207ca88d40b30b006e231e523e871bd7e63c87b0b2cc0d9511b081f467387e349773

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 6 IoCs

Processes:

regsvr32.exeregsvr32.exe

description	pid	process	target process
PID 2704 wrote to memory of 2716	2704	regsvr32.exe	regsvr32.exe
PID 2704 wrote to memory of 2716	2704	regsvr32.exe	regsvr32.exe
PID 2704 wrote to memory of 2716	2704	regsvr32.exe	regsvr32.exe
PID 2716 wrote to memory of 3704	2716	regsvr32.exe	rundll32.exe
PID 2716 wrote to memory of 3704	2716	regsvr32.exe	rundll32.exe
PID 2716 wrote to memory of 3704	2716	regsvr32.exe	rundll32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\f25ac40d3bee5cbf64ed6fe1ac3b9a93ee779762b172c22470876711ac8aeba5.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2704

C:\Windows\SysWOW64\regsvr32.exe
/s C:\Users\Admin\AppData\Local\Temp\f25ac40d3bee5cbf64ed6fe1ac3b9a93ee779762b172c22470876711ac8aeba5.dll
2⤵
- Suspicious use of WriteProcessMemory
PID:2716

C:\Windows\SysWOW64\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe "C:\Users\Admin\AppData\Local\Temp\f25ac40d3bee5cbf64ed6fe1ac3b9a93ee779762b172c22470876711ac8aeba5.dll",DllRegisterServer
3⤵
PID:3704

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2716-115-0x0000000000000000-mapping.dmp

Download
memory/2716-117-0x0000000002DB5000-0x0000000002DB6000-memory.dmp

Filesize
4KB

Download
memory/3704-118-0x0000000000000000-mapping.dmp

Download