Analysis
- max time kernel: 119s
- max time network: 123s
- platform: windows10_x64
- resource: win10-en-20211208
- submitted: 15-01-2022 01:09
Static task: static1
Behavioral task: behavioral1
Sample: 40232bdd052515f8a24cf930e5e58bb863796548da4942f972722b27f2face1c.dll
0 signatures
0 seconds
General
- Target: 40232bdd052515f8a24cf930e5e58bb863796548da4942f972722b27f2face1c.dll
- Size: 574KB
- MD5: 88e6b6d86cfc033b0c7a172e8c1cfc08
- SHA1: 65ceef38c9f9f594e064f37fc883e118a5b16364
- SHA256: 40232bdd052515f8a24cf930e5e58bb863796548da4942f972722b27f2face1c
- SHA512: dbd42c0f8c49e742f6535b49e9505e6ab3d30f4d443a10a4733fc5089ab7294e76b454b08f0842f611485cbb0f2b117f52869850a87c4d464544989ff88c2bb3
Score: 1/10
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (6 IoCs)

Processes: regsvr32.exe, regsvr32.exe

| description | pid | process | target process |
| --- | --- | --- | --- |
| PID 3560 wrote to memory of 3636 | 3560 | regsvr32.exe | regsvr32.exe |
| PID 3560 wrote to memory of 3636 | 3560 | regsvr32.exe | regsvr32.exe |
| PID 3560 wrote to memory of 3636 | 3560 | regsvr32.exe | regsvr32.exe |
| PID 3636 wrote to memory of 1688 | 3636 | regsvr32.exe | rundll32.exe |
| PID 3636 wrote to memory of 1688 | 3636 | regsvr32.exe | rundll32.exe |
| PID 3636 wrote to memory of 1688 | 3636 | regsvr32.exe | rundll32.exe |
Processes
- C:\Windows\system32\regsvr32.exe
  Command line: regsvr32 /s C:\Users\Admin\AppData\Local\Temp\40232bdd052515f8a24cf930e5e58bb863796548da4942f972722b27f2face1c.dll
  - Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\regsvr32.exe
    Command line: /s C:\Users\Admin\AppData\Local\Temp\40232bdd052515f8a24cf930e5e58bb863796548da4942f972722b27f2face1c.dll
    - Suspicious use of WriteProcessMemory
    - C:\Windows\SysWOW64\rundll32.exe
      Command line: C:\Windows\SysWOW64\rundll32.exe "C:\Users\Admin\AppData\Local\Temp\40232bdd052515f8a24cf930e5e58bb863796548da4942f972722b27f2face1c.dll",DllRegisterServer