Analysis

  • max time kernel
    119s
  • max time network
    123s
  • platform
    windows10_x64
  • resource
    win10-en-20211208
  • submitted
    15-01-2022 01:09

General

  • Target

    40232bdd052515f8a24cf930e5e58bb863796548da4942f972722b27f2face1c.dll

  • Size

    574KB

  • MD5

    88e6b6d86cfc033b0c7a172e8c1cfc08

  • SHA1

    65ceef38c9f9f594e064f37fc883e118a5b16364

  • SHA256

    40232bdd052515f8a24cf930e5e58bb863796548da4942f972722b27f2face1c

  • SHA512

    dbd42c0f8c49e742f6535b49e9505e6ab3d30f4d443a10a4733fc5089ab7294e76b454b08f0842f611485cbb0f2b117f52869850a87c4d464544989ff88c2bb3

Score
1/10

Malware Config

Signatures

  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Windows\system32\regsvr32.exe (PID 3560, tree depth 1)
    Command line: regsvr32 /s C:\Users\Admin\AppData\Local\Temp\40232bdd052515f8a24cf930e5e58bb863796548da4942f972722b27f2face1c.dll
    • Suspicious use of WriteProcessMemory
    • C:\Windows\SysWOW64\regsvr32.exe (PID 3636, tree depth 2)
      Command line: /s C:\Users\Admin\AppData\Local\Temp\40232bdd052515f8a24cf930e5e58bb863796548da4942f972722b27f2face1c.dll
      • Suspicious use of WriteProcessMemory
      • C:\Windows\SysWOW64\rundll32.exe (PID 1688, tree depth 3)
        Command line: C:\Windows\SysWOW64\rundll32.exe "C:\Users\Admin\AppData\Local\Temp\40232bdd052515f8a24cf930e5e58bb863796548da4942f972722b27f2face1c.dll",DllRegisterServer

Network

MITRE ATT&CK Matrix


Downloads

  • memory/1688-118-0x0000000000000000-mapping.dmp
  • memory/3636-115-0x0000000000000000-mapping.dmp
  • memory/3636-117-0x0000000002EE5000-0x0000000002EE6000-memory.dmp (Filesize: 4KB)
  • memory/3636-116-0x0000000002EC1000-0x0000000002EE5000-memory.dmp (Filesize: 144KB)