c190aaf6c5ca5a49ae31be4cf96e0605b8aa6c8e10f63e02dd14362ca60d404b | Triage

Analysis

max time kernel
116s
max time network
116s
platform
windows10_x64
resource
win10-en-20211208
submitted
15-01-2022 01:50

Sharing

Report Analysis Logs

General

Target

c190aaf6c5ca5a49ae31be4cf96e0605b8aa6c8e10f63e02dd14362ca60d404b.dll
Size

574KB
MD5

1da15ad8351d048f49e1beca9c4d196c
SHA1

105985634712944eb7fe75d8894c8a088cd29ad7
SHA256

c190aaf6c5ca5a49ae31be4cf96e0605b8aa6c8e10f63e02dd14362ca60d404b
SHA512

673e1917c65f777fdcee6fbc37994c6fd31d0b27e7ec5130836adfe5d024c9d1ad2844d448638063f04d68eceb7f28fbecfaf9c22d008c792b7324e9d1e358c8

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 6 IoCs

Processes:

regsvr32.exeregsvr32.exe

description	pid	process	target process
PID 3488 wrote to memory of 3764	3488	regsvr32.exe	regsvr32.exe
PID 3488 wrote to memory of 3764	3488	regsvr32.exe	regsvr32.exe
PID 3488 wrote to memory of 3764	3488	regsvr32.exe	regsvr32.exe
PID 3764 wrote to memory of 4000	3764	regsvr32.exe	rundll32.exe
PID 3764 wrote to memory of 4000	3764	regsvr32.exe	rundll32.exe
PID 3764 wrote to memory of 4000	3764	regsvr32.exe	rundll32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\c190aaf6c5ca5a49ae31be4cf96e0605b8aa6c8e10f63e02dd14362ca60d404b.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:3488

C:\Windows\SysWOW64\regsvr32.exe
/s C:\Users\Admin\AppData\Local\Temp\c190aaf6c5ca5a49ae31be4cf96e0605b8aa6c8e10f63e02dd14362ca60d404b.dll
2⤵
- Suspicious use of WriteProcessMemory
PID:3764

C:\Windows\SysWOW64\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe "C:\Users\Admin\AppData\Local\Temp\c190aaf6c5ca5a49ae31be4cf96e0605b8aa6c8e10f63e02dd14362ca60d404b.dll",DllRegisterServer
3⤵
PID:4000

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3764-115-0x0000000000000000-mapping.dmp

Download
memory/3764-116-0x0000000000D01000-0x0000000000D25000-memory.dmp

Filesize
144KB

Download
memory/3764-117-0x0000000000D25000-0x0000000000D26000-memory.dmp

Filesize
4KB

Download
memory/4000-118-0x0000000000000000-mapping.dmp

Download