3156cc6407069ebbfd20655fd869972986805ec525287a4f320f83c2517c450d | Triage

Analysis

max time kernel
121s
max time network
125s
platform
windows10_x64
resource
win10-en-20211208
submitted
15-01-2022 01:09

Sharing

Report Analysis Logs

General

Target

3156cc6407069ebbfd20655fd869972986805ec525287a4f320f83c2517c450d.dll
Size

574KB
MD5

ebe5f94c3f46923100fcad7393ebddcf
SHA1

a56bfc3bd2d0f50a78b0fea09542b2c60f16f27e
SHA256

3156cc6407069ebbfd20655fd869972986805ec525287a4f320f83c2517c450d
SHA512

7991152525b80554044ccbf7c29727eff4a4811b13ba47682fa084b055bc0b9e2ce8eb431159be47aaeaa34b7e3b856a000e6ac199a81ffe46b23618c7d7e9d6

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 6 IoCs

Processes:

regsvr32.exeregsvr32.exe

description	pid	process	target process
PID 2416 wrote to memory of 2488	2416	regsvr32.exe	regsvr32.exe
PID 2416 wrote to memory of 2488	2416	regsvr32.exe	regsvr32.exe
PID 2416 wrote to memory of 2488	2416	regsvr32.exe	regsvr32.exe
PID 2488 wrote to memory of 2776	2488	regsvr32.exe	rundll32.exe
PID 2488 wrote to memory of 2776	2488	regsvr32.exe	rundll32.exe
PID 2488 wrote to memory of 2776	2488	regsvr32.exe	rundll32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\3156cc6407069ebbfd20655fd869972986805ec525287a4f320f83c2517c450d.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2416

C:\Windows\SysWOW64\regsvr32.exe
/s C:\Users\Admin\AppData\Local\Temp\3156cc6407069ebbfd20655fd869972986805ec525287a4f320f83c2517c450d.dll
2⤵
- Suspicious use of WriteProcessMemory
PID:2488

C:\Windows\SysWOW64\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe "C:\Users\Admin\AppData\Local\Temp\3156cc6407069ebbfd20655fd869972986805ec525287a4f320f83c2517c450d.dll",DllRegisterServer
3⤵
PID:2776

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2488-115-0x0000000000000000-mapping.dmp

Download
memory/2488-117-0x0000000000C15000-0x0000000000C16000-memory.dmp

Filesize
4KB

Download
memory/2488-116-0x0000000000BF1000-0x0000000000C15000-memory.dmp

Filesize
144KB

Download
memory/2776-118-0x0000000000000000-mapping.dmp

Download