3e5c5c43ff578fe2c8a1c61f2b5261705de7759df9cb819c129248c1a74d6250
General
Target
Filesize
Completed
3e5c5c43ff578fe2c8a1c61f2b5261705de7759df9cb819c129248c1a74d6250.dll
574KB
15-01-2022 01:11
Score
1/10
MD5
SHA1
SHA256
bfecd3b4c0ca3f50befe5bad0e0c6e1f
e5c141efee9d269cbbec3e71030de7eca7a82f59
3e5c5c43ff578fe2c8a1c61f2b5261705de7759df9cb819c129248c1a74d6250
Malware Config
Signatures 1
Filter: none
-
Suspicious use of WriteProcessMemoryregsvr32.exeregsvr32.exe
Reported IOCs
description pid process target process PID 2644 wrote to memory of 3928 2644 regsvr32.exe regsvr32.exe PID 2644 wrote to memory of 3928 2644 regsvr32.exe regsvr32.exe PID 2644 wrote to memory of 3928 2644 regsvr32.exe regsvr32.exe PID 3928 wrote to memory of 2620 3928 regsvr32.exe rundll32.exe PID 3928 wrote to memory of 2620 3928 regsvr32.exe rundll32.exe PID 3928 wrote to memory of 2620 3928 regsvr32.exe rundll32.exe
Processes 3
-
C:\Windows\system32\regsvr32.exePID:2644regsvr32 /s C:\Users\Admin\AppData\Local\Temp\3e5c5c43ff578fe2c8a1c61f2b5261705de7759df9cb819c129248c1a74d6250.dllSuspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\regsvr32.exePID:3928/s C:\Users\Admin\AppData\Local\Temp\3e5c5c43ff578fe2c8a1c61f2b5261705de7759df9cb819c129248c1a74d6250.dllSuspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exePID:2620C:\Windows\SysWOW64\rundll32.exe "C:\Users\Admin\AppData\Local\Temp\3e5c5c43ff578fe2c8a1c61f2b5261705de7759df9cb819c129248c1a74d6250.dll",DllRegisterServer
Network
MITRE ATT&CK Matrix
Collection
Command and Control
Credential Access
Defense Evasion
Discovery
Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Persistence
Privilege Escalation
Replay Monitor
00:00
00:00
Downloads
-
memory/2620-118-0x0000000000000000-mapping.dmp
-
memory/3928-115-0x0000000000000000-mapping.dmp
-
memory/3928-117-0x0000000002A95000-0x0000000002A96000-memory.dmp
Title
Loading data