c43db4923037b57ec6453c192decc50b576d005b8577d20b3b1298de9877170b | Triage

Analysis

max time kernel
120s
max time network
120s
platform
windows10_x64
resource
win10-en-20211208
submitted
15-01-2022 01:49

Sharing

Report Analysis Logs

General

Target

c43db4923037b57ec6453c192decc50b576d005b8577d20b3b1298de9877170b.dll
Size

574KB
MD5

fc572cbbebb9865a9b574667f8f78036
SHA1

55b6d2a58ff83e6e7299c615358d70ef5d8b0dc5
SHA256

c43db4923037b57ec6453c192decc50b576d005b8577d20b3b1298de9877170b
SHA512

de99d46452ad26cb51b743ea5d28c2b89b3ca8d6121c71967a26d50491538a40ad4c39a2eee984b4d93bb4ab66f881666d6a5701ba2c0b4925758e7a6a54001b

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 6 IoCs

Processes:

regsvr32.exeregsvr32.exe

description	pid	process	target process
PID 3500 wrote to memory of 3544	3500	regsvr32.exe	regsvr32.exe
PID 3500 wrote to memory of 3544	3500	regsvr32.exe	regsvr32.exe
PID 3500 wrote to memory of 3544	3500	regsvr32.exe	regsvr32.exe
PID 3544 wrote to memory of 3652	3544	regsvr32.exe	rundll32.exe
PID 3544 wrote to memory of 3652	3544	regsvr32.exe	rundll32.exe
PID 3544 wrote to memory of 3652	3544	regsvr32.exe	rundll32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\c43db4923037b57ec6453c192decc50b576d005b8577d20b3b1298de9877170b.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:3500

C:\Windows\SysWOW64\regsvr32.exe
/s C:\Users\Admin\AppData\Local\Temp\c43db4923037b57ec6453c192decc50b576d005b8577d20b3b1298de9877170b.dll
2⤵
- Suspicious use of WriteProcessMemory
PID:3544

C:\Windows\SysWOW64\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe "C:\Users\Admin\AppData\Local\Temp\c43db4923037b57ec6453c192decc50b576d005b8577d20b3b1298de9877170b.dll",DllRegisterServer
3⤵
PID:3652

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3544-115-0x0000000000000000-mapping.dmp

Download
memory/3544-117-0x00000000046B5000-0x00000000046B6000-memory.dmp

Filesize
4KB

Download
memory/3544-116-0x0000000004691000-0x00000000046B5000-memory.dmp

Filesize
144KB

Download
memory/3652-118-0x0000000000000000-mapping.dmp

Download