Analysis

  • max time kernel
    120s
  • max time network
    120s
  • platform
    windows10_x64
  • resource
    win10-en-20211208
  • submitted
    15-01-2022 01:09

General

  • Target

    0ee24ca941db1f83566777ca9327513b59bed6e298b771c407fdd2cf01853e3a.dll

  • Size

    574KB

  • MD5

    c8e498375d5008cd2d4520f9d46baa08

  • SHA1

    ea2ad8beaa4e6711911ebc92c9590153615d1589

  • SHA256

    0ee24ca941db1f83566777ca9327513b59bed6e298b771c407fdd2cf01853e3a

  • SHA512

    8793384920bdce79d8101b08989e8c324a14a2060ea7882e639d900cdca462a9dd7f494d3f7ce8c61b2d531c7f502fd6e2cfd1a8b6e21cf264ea6d1f76fbc528

Score
1/10

Malware Config

Signatures

  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\0ee24ca941db1f83566777ca9327513b59bed6e298b771c407fdd2cf01853e3a.dll
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3444
    • C:\Windows\SysWOW64\regsvr32.exe
      /s C:\Users\Admin\AppData\Local\Temp\0ee24ca941db1f83566777ca9327513b59bed6e298b771c407fdd2cf01853e3a.dll
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:3440
      • C:\Windows\SysWOW64\rundll32.exe
        C:\Windows\SysWOW64\rundll32.exe "C:\Users\Admin\AppData\Local\Temp\0ee24ca941db1f83566777ca9327513b59bed6e298b771c407fdd2cf01853e3a.dll",DllRegisterServer
        3⤵
          PID:3652

Network

MITRE ATT&CK Matrix

Downloads

  • memory/3440-115-0x0000000000000000-mapping.dmp
  • memory/3440-117-0x0000000003425000-0x0000000003426000-memory.dmp
    Filesize

    4KB

  • memory/3440-116-0x0000000003401000-0x0000000003425000-memory.dmp
    Filesize

    144KB

  • memory/3652-118-0x0000000000000000-mapping.dmp