Analysis
max time kernel: 116s
max time network: 116s
platform: windows10_x64
resource: win10-en-20211208
submitted: 15-01-2022 01:50
Static task
static1
Behavioral task
behavioral1
Sample
c190aaf6c5ca5a49ae31be4cf96e0605b8aa6c8e10f63e02dd14362ca60d404b.dll
Resource
win10-en-20211208
windows10_x64
0 signatures
0 seconds
General
Target: c190aaf6c5ca5a49ae31be4cf96e0605b8aa6c8e10f63e02dd14362ca60d404b.dll
Size: 574KB
MD5: 1da15ad8351d048f49e1beca9c4d196c
SHA1: 105985634712944eb7fe75d8894c8a088cd29ad7
SHA256: c190aaf6c5ca5a49ae31be4cf96e0605b8aa6c8e10f63e02dd14362ca60d404b
SHA512: 673e1917c65f777fdcee6fbc37994c6fd31d0b27e7ec5130836adfe5d024c9d1ad2844d448638063f04d68eceb7f28fbecfaf9c22d008c792b7324e9d1e358c8
Score: 1/10
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 6 IoCs
Processes:
regsvr32.exe regsvr32.exe
description | pid | process | target process
PID 3488 wrote to memory of 3764 | 3488 | regsvr32.exe | regsvr32.exe
PID 3488 wrote to memory of 3764 | 3488 | regsvr32.exe | regsvr32.exe
PID 3488 wrote to memory of 3764 | 3488 | regsvr32.exe | regsvr32.exe
PID 3764 wrote to memory of 4000 | 3764 | regsvr32.exe | rundll32.exe
PID 3764 wrote to memory of 4000 | 3764 | regsvr32.exe | rundll32.exe
PID 3764 wrote to memory of 4000 | 3764 | regsvr32.exe | rundll32.exe
Processes
-
C:\Windows\system32\regsvr32.exe regsvr32 /s C:\Users\Admin\AppData\Local\Temp\c190aaf6c5ca5a49ae31be4cf96e0605b8aa6c8e10f63e02dd14362ca60d404b.dll 1
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\regsvr32.exe /s C:\Users\Admin\AppData\Local\Temp\c190aaf6c5ca5a49ae31be4cf96e0605b8aa6c8e10f63e02dd14362ca60d404b.dll 2
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\rundll32.exe "C:\Users\Admin\AppData\Local\Temp\c190aaf6c5ca5a49ae31be4cf96e0605b8aa6c8e10f63e02dd14362ca60d404b.dll",DllRegisterServer 3