0843fc46aa1c9f59d092519d4d66766aa5108136a1e66e4a338a0022fd7ae3ac | Triage

Analysis

max time kernel
63s
max time network
122s
platform
windows10_x64
resource
win10-en-20211208
submitted
15-01-2022 01:09

Sharing

Report Analysis Logs

General

Target

0843fc46aa1c9f59d092519d4d66766aa5108136a1e66e4a338a0022fd7ae3ac.dll
Size

574KB
MD5

416a06a72a23ec91db8dde0689e4f76b
SHA1

f677425a94f36d407cfc757012b215d24e75fffa
SHA256

0843fc46aa1c9f59d092519d4d66766aa5108136a1e66e4a338a0022fd7ae3ac
SHA512

c1075a784ff42075ac3c1491d9fcf4930a1eb213d6352ad508675961882963f97a1d9af271130d311e211773cb75f1ea761fda3024d3d9f9cd00218c19060895

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 6 IoCs

Processes:

regsvr32.exeregsvr32.exe

description	pid	process	target process
PID 1028 wrote to memory of 1108	1028	regsvr32.exe	regsvr32.exe
PID 1028 wrote to memory of 1108	1028	regsvr32.exe	regsvr32.exe
PID 1028 wrote to memory of 1108	1028	regsvr32.exe	regsvr32.exe
PID 1108 wrote to memory of 1468	1108	regsvr32.exe	rundll32.exe
PID 1108 wrote to memory of 1468	1108	regsvr32.exe	rundll32.exe
PID 1108 wrote to memory of 1468	1108	regsvr32.exe	rundll32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\0843fc46aa1c9f59d092519d4d66766aa5108136a1e66e4a338a0022fd7ae3ac.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:1028

C:\Windows\SysWOW64\regsvr32.exe
/s C:\Users\Admin\AppData\Local\Temp\0843fc46aa1c9f59d092519d4d66766aa5108136a1e66e4a338a0022fd7ae3ac.dll
2⤵
- Suspicious use of WriteProcessMemory
PID:1108

C:\Windows\SysWOW64\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe "C:\Users\Admin\AppData\Local\Temp\0843fc46aa1c9f59d092519d4d66766aa5108136a1e66e4a338a0022fd7ae3ac.dll",DllRegisterServer
3⤵
PID:1468

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1108-115-0x0000000000000000-mapping.dmp

Download
memory/1108-117-0x00000000044C5000-0x00000000044C6000-memory.dmp

Filesize
4KB

Download
memory/1108-116-0x00000000044A1000-0x00000000044C5000-memory.dmp

Filesize
144KB

Download
memory/1468-118-0x0000000000000000-mapping.dmp

Download