Analysis
max time kernel: 120s
max time network: 120s
platform: windows10_x64
resource: win10-en-20211208
submitted: 15-01-2022 01:09
Static task: static1
Behavioral task: behavioral1
Sample: 0ee24ca941db1f83566777ca9327513b59bed6e298b771c407fdd2cf01853e3a.dll
Resource: win10-en-20211208 (windows10_x64)
0 signatures
0 seconds
General
Target: 0ee24ca941db1f83566777ca9327513b59bed6e298b771c407fdd2cf01853e3a.dll
Size: 574KB
MD5: c8e498375d5008cd2d4520f9d46baa08
SHA1: ea2ad8beaa4e6711911ebc92c9590153615d1589
SHA256: 0ee24ca941db1f83566777ca9327513b59bed6e298b771c407fdd2cf01853e3a
SHA512: 8793384920bdce79d8101b08989e8c324a14a2060ea7882e639d900cdca462a9dd7f494d3f7ce8c61b2d531c7f502fd6e2cfd1a8b6e21cf264ea6d1f76fbc528
Score: 1/10
Malware Config
Signatures
Suspicious use of WriteProcessMemory (6 IoCs)
Processes: regsvr32.exe, regsvr32.exe
description | pid | process | target process
PID 3444 wrote to memory of 3440 | 3444 | regsvr32.exe | regsvr32.exe
PID 3444 wrote to memory of 3440 | 3444 | regsvr32.exe | regsvr32.exe
PID 3444 wrote to memory of 3440 | 3444 | regsvr32.exe | regsvr32.exe
PID 3440 wrote to memory of 3652 | 3440 | regsvr32.exe | rundll32.exe
PID 3440 wrote to memory of 3652 | 3440 | regsvr32.exe | rundll32.exe
PID 3440 wrote to memory of 3652 | 3440 | regsvr32.exe | rundll32.exe
Processes
C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\0ee24ca941db1f83566777ca9327513b59bed6e298b771c407fdd2cf01853e3a.dll
- Suspicious use of WriteProcessMemory
C:\Windows\SysWOW64\regsvr32.exe
/s C:\Users\Admin\AppData\Local\Temp\0ee24ca941db1f83566777ca9327513b59bed6e298b771c407fdd2cf01853e3a.dll
- Suspicious use of WriteProcessMemory
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe "C:\Users\Admin\AppData\Local\Temp\0ee24ca941db1f83566777ca9327513b59bed6e298b771c407fdd2cf01853e3a.dll",DllRegisterServer