5ff24388e3052baef082e9d6355a0b50232686d17f74d9d9f35eb1130b70344f | Triage

Analysis

max time kernel
62s
max time network
105s
platform
windows10_x64
resource
win10-en-20211208
submitted
15-01-2022 01:49

Sharing

Report Analysis Logs

General

Target

5ff24388e3052baef082e9d6355a0b50232686d17f74d9d9f35eb1130b70344f.dll
Size

574KB
MD5

98bacc13b16dd6255f8115be47c46ec7
SHA1

d07e209d17e6a3c5a85383559451c45ad6404d5b
SHA256

5ff24388e3052baef082e9d6355a0b50232686d17f74d9d9f35eb1130b70344f
SHA512

b7f1f337467d6fa213081f9787977916ff4f592ca4d84dadf0e19f6cb4a382c7ef39218f3d9122537f42d7303b1345afebe2949e09f31d42b105215e32709286

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 6 IoCs

Processes:

regsvr32.exeregsvr32.exe

description	pid	process	target process
PID 3900 wrote to memory of 660	3900	regsvr32.exe	regsvr32.exe
PID 3900 wrote to memory of 660	3900	regsvr32.exe	regsvr32.exe
PID 3900 wrote to memory of 660	3900	regsvr32.exe	regsvr32.exe
PID 660 wrote to memory of 808	660	regsvr32.exe	rundll32.exe
PID 660 wrote to memory of 808	660	regsvr32.exe	rundll32.exe
PID 660 wrote to memory of 808	660	regsvr32.exe	rundll32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\5ff24388e3052baef082e9d6355a0b50232686d17f74d9d9f35eb1130b70344f.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:3900

C:\Windows\SysWOW64\regsvr32.exe
/s C:\Users\Admin\AppData\Local\Temp\5ff24388e3052baef082e9d6355a0b50232686d17f74d9d9f35eb1130b70344f.dll
2⤵
- Suspicious use of WriteProcessMemory
PID:660

C:\Windows\SysWOW64\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe "C:\Users\Admin\AppData\Local\Temp\5ff24388e3052baef082e9d6355a0b50232686d17f74d9d9f35eb1130b70344f.dll",DllRegisterServer
3⤵
PID:808

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/660-115-0x0000000000000000-mapping.dmp

Download
memory/660-117-0x0000000004AE5000-0x0000000004AE6000-memory.dmp

Filesize
4KB

Download
memory/660-116-0x0000000004AC1000-0x0000000004AE5000-memory.dmp

Filesize
144KB

Download
memory/808-118-0x0000000000000000-mapping.dmp

Download