72d5fb9a2de13f483a7147363964e8d05f1a89a1402966f8ece1414072b6e55f | Triage

Analysis

max time kernel
120s
max time network
126s
platform
windows10_x64
resource
win10-en-20211208
submitted
15-01-2022 01:49

Sharing

Report Analysis Logs

General

Target

72d5fb9a2de13f483a7147363964e8d05f1a89a1402966f8ece1414072b6e55f.dll
Size

574KB
MD5

3b999cfad98675aff923ee7d07cdc6cd
SHA1

e40e13f5c08e4057fd987369538063b98fa5f140
SHA256

72d5fb9a2de13f483a7147363964e8d05f1a89a1402966f8ece1414072b6e55f
SHA512

8927bcdb41e6486388187fd61fa6496c517e3543c4af2b772c1249f52855a5188a9a9bb7ca357966dedf1c428bc7218220c24392a775671c82e3439a854982c1

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 6 IoCs

Processes:

regsvr32.exeregsvr32.exe

description	pid	process	target process
PID 3992 wrote to memory of 3932	3992	regsvr32.exe	regsvr32.exe
PID 3992 wrote to memory of 3932	3992	regsvr32.exe	regsvr32.exe
PID 3992 wrote to memory of 3932	3992	regsvr32.exe	regsvr32.exe
PID 3932 wrote to memory of 1688	3932	regsvr32.exe	rundll32.exe
PID 3932 wrote to memory of 1688	3932	regsvr32.exe	rundll32.exe
PID 3932 wrote to memory of 1688	3932	regsvr32.exe	rundll32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\72d5fb9a2de13f483a7147363964e8d05f1a89a1402966f8ece1414072b6e55f.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:3992

C:\Windows\SysWOW64\regsvr32.exe
/s C:\Users\Admin\AppData\Local\Temp\72d5fb9a2de13f483a7147363964e8d05f1a89a1402966f8ece1414072b6e55f.dll
2⤵
- Suspicious use of WriteProcessMemory
PID:3932

C:\Windows\SysWOW64\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe "C:\Users\Admin\AppData\Local\Temp\72d5fb9a2de13f483a7147363964e8d05f1a89a1402966f8ece1414072b6e55f.dll",DllRegisterServer
3⤵
PID:1688

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1688-121-0x0000000000000000-mapping.dmp

Download
memory/3932-118-0x0000000000000000-mapping.dmp

Download
memory/3932-120-0x0000000003115000-0x0000000003116000-memory.dmp

Filesize
4KB

Download