Analysis
- max time kernel: 120s
- max time network: 119s
- platform: windows10_x64
- resource: win10-en-20211208
- submitted: 15-01-2022 01:09
Static task: static1
Behavioral task: behavioral1
- Sample: cc20e1f2eafe922e727c0d12e8ee576d0ebd06d9fa0a60c727c250ee1d48e27c.dll
- Resource: win10-en-20211208 (windows10_x64)
0 signatures
0 seconds
General
- Target: cc20e1f2eafe922e727c0d12e8ee576d0ebd06d9fa0a60c727c250ee1d48e27c.dll
- Size: 574KB
- MD5: 7a4920175f5401be98e1f76ad495233e
- SHA1: 37188977293df0994edb708423ab7596953b1219
- SHA256: cc20e1f2eafe922e727c0d12e8ee576d0ebd06d9fa0a60c727c250ee1d48e27c
- SHA512: a8f1239388f76cd49b64710ead30dace872831fb79de62588225a5ce3a856b89fa8a9874eb90f98cb58005bfdf3cd48f4dfd53a21d5e8710179a83bb29b8bed7
Score: 1/10
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (6 IoCs)
  Processes: regsvr32.exe, regsvr32.exe

  description | pid | process | target process
  PID 3712 wrote to memory of 3596 | 3712 | regsvr32.exe | regsvr32.exe
  PID 3712 wrote to memory of 3596 | 3712 | regsvr32.exe | regsvr32.exe
  PID 3712 wrote to memory of 3596 | 3712 | regsvr32.exe | regsvr32.exe
  PID 3596 wrote to memory of 3736 | 3596 | regsvr32.exe | rundll32.exe
  PID 3596 wrote to memory of 3736 | 3596 | regsvr32.exe | rundll32.exe
  PID 3596 wrote to memory of 3736 | 3596 | regsvr32.exe | rundll32.exe
Processes
- C:\Windows\system32\regsvr32.exe
  regsvr32 /s C:\Users\Admin\AppData\Local\Temp\cc20e1f2eafe922e727c0d12e8ee576d0ebd06d9fa0a60c727c250ee1d48e27c.dll
  - Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\regsvr32.exe
    /s C:\Users\Admin\AppData\Local\Temp\cc20e1f2eafe922e727c0d12e8ee576d0ebd06d9fa0a60c727c250ee1d48e27c.dll
    - Suspicious use of WriteProcessMemory
    - C:\Windows\SysWOW64\rundll32.exe
      C:\Windows\SysWOW64\rundll32.exe "C:\Users\Admin\AppData\Local\Temp\cc20e1f2eafe922e727c0d12e8ee576d0ebd06d9fa0a60c727c250ee1d48e27c.dll",DllRegisterServer