9b7bd341248f5dc154ee41871c9679ed1726d84e26eb6a603626777ea112107b | Triage

Analysis

max time kernel
119s
max time network
122s
platform
windows10_x64
resource
win10-en-20211208
submitted
15-01-2022 01:50

Sharing

Report Analysis Logs

General

Target

9b7bd341248f5dc154ee41871c9679ed1726d84e26eb6a603626777ea112107b.dll
Size

574KB
MD5

4f68ebd163986e91327bcf9901b3f870
SHA1

5e7a8522379f0700499771c06757646e20911347
SHA256

9b7bd341248f5dc154ee41871c9679ed1726d84e26eb6a603626777ea112107b
SHA512

0b8b40db7fbb8ee80a5e6eaeaabbf8c8f0366374faba9d8e8e110bf9b73bcc4f54c6d41c0f89d70d871e248525cfbdcb1c6c0962819119c3b250c3307371b281

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 6 IoCs

Processes:

regsvr32.exeregsvr32.exe

description	pid	process	target process
PID 2440 wrote to memory of 764	2440	regsvr32.exe	regsvr32.exe
PID 2440 wrote to memory of 764	2440	regsvr32.exe	regsvr32.exe
PID 2440 wrote to memory of 764	2440	regsvr32.exe	regsvr32.exe
PID 764 wrote to memory of 1352	764	regsvr32.exe	rundll32.exe
PID 764 wrote to memory of 1352	764	regsvr32.exe	rundll32.exe
PID 764 wrote to memory of 1352	764	regsvr32.exe	rundll32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\9b7bd341248f5dc154ee41871c9679ed1726d84e26eb6a603626777ea112107b.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2440

C:\Windows\SysWOW64\regsvr32.exe
/s C:\Users\Admin\AppData\Local\Temp\9b7bd341248f5dc154ee41871c9679ed1726d84e26eb6a603626777ea112107b.dll
2⤵
- Suspicious use of WriteProcessMemory
PID:764

C:\Windows\SysWOW64\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe "C:\Users\Admin\AppData\Local\Temp\9b7bd341248f5dc154ee41871c9679ed1726d84e26eb6a603626777ea112107b.dll",DllRegisterServer
3⤵
PID:1352

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/764-115-0x0000000000000000-mapping.dmp

Download
memory/764-117-0x0000000002E45000-0x0000000002E46000-memory.dmp

Filesize
4KB

Download
memory/764-116-0x0000000002E21000-0x0000000002E45000-memory.dmp

Filesize
144KB

Download
memory/1352-118-0x0000000000000000-mapping.dmp

Download