b5ac741fd28a852d2ab8fa7df6404a5760af7df5ea39e99503d1331a6cc633d9 | Triage

Analysis

max time kernel
116s
max time network
120s
platform
windows10_x64
resource
win10-en-20211208
submitted
15-01-2022 01:49

Sharing

Report Analysis Logs

General

Target

b5ac741fd28a852d2ab8fa7df6404a5760af7df5ea39e99503d1331a6cc633d9.dll
Size

574KB
MD5

979cf33f69eceb73fc271a9088fe131c
SHA1

514afb9d9bf6c583721a1485e147cc207219f2de
SHA256

b5ac741fd28a852d2ab8fa7df6404a5760af7df5ea39e99503d1331a6cc633d9
SHA512

652dee206dbe084919ae196f585c96f1529e7d49baa88b53d482641b42b33a88dd5ffd95c28cd633d661ee240dfc194a42a8d0027e24af8b5a52e9f00aa91043

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 6 IoCs

Processes:

regsvr32.exeregsvr32.exe

description	pid	process	target process
PID 2636 wrote to memory of 2684	2636	regsvr32.exe	regsvr32.exe
PID 2636 wrote to memory of 2684	2636	regsvr32.exe	regsvr32.exe
PID 2636 wrote to memory of 2684	2636	regsvr32.exe	regsvr32.exe
PID 2684 wrote to memory of 3580	2684	regsvr32.exe	rundll32.exe
PID 2684 wrote to memory of 3580	2684	regsvr32.exe	rundll32.exe
PID 2684 wrote to memory of 3580	2684	regsvr32.exe	rundll32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\b5ac741fd28a852d2ab8fa7df6404a5760af7df5ea39e99503d1331a6cc633d9.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2636

C:\Windows\SysWOW64\regsvr32.exe
/s C:\Users\Admin\AppData\Local\Temp\b5ac741fd28a852d2ab8fa7df6404a5760af7df5ea39e99503d1331a6cc633d9.dll
2⤵
- Suspicious use of WriteProcessMemory
PID:2684

C:\Windows\SysWOW64\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe "C:\Users\Admin\AppData\Local\Temp\b5ac741fd28a852d2ab8fa7df6404a5760af7df5ea39e99503d1331a6cc633d9.dll",DllRegisterServer
3⤵
PID:3580

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2684-116-0x0000000000000000-mapping.dmp

Download
memory/2684-118-0x00000000033F5000-0x00000000033F6000-memory.dmp

Filesize
4KB

Download
memory/3580-119-0x0000000000000000-mapping.dmp

Download