a84f2b4e5d9ced8f19cefc1e191308e7201b8ed90ec37bae59e5172e7df11a61
General
Target
Filesize
Completed
a84f2b4e5d9ced8f19cefc1e191308e7201b8ed90ec37bae59e5172e7df11a61.dll
574KB
15-01-2022 01:11
Score
1/10
MD5
SHA1
SHA256
48fdd22e03334bb5833aa9973c7ef43e
e6084b172252a38f7d23e2165569adfaacb4c0c4
a84f2b4e5d9ced8f19cefc1e191308e7201b8ed90ec37bae59e5172e7df11a61
Malware Config
Signatures 1
Filter: none
-
Suspicious use of WriteProcessMemoryregsvr32.exeregsvr32.exe
Reported IOCs
description pid process target process PID 3676 wrote to memory of 3648 3676 regsvr32.exe regsvr32.exe PID 3676 wrote to memory of 3648 3676 regsvr32.exe regsvr32.exe PID 3676 wrote to memory of 3648 3676 regsvr32.exe regsvr32.exe PID 3648 wrote to memory of 3484 3648 regsvr32.exe rundll32.exe PID 3648 wrote to memory of 3484 3648 regsvr32.exe rundll32.exe PID 3648 wrote to memory of 3484 3648 regsvr32.exe rundll32.exe
Processes 3
-
C:\Windows\system32\regsvr32.exePID:3676regsvr32 /s C:\Users\Admin\AppData\Local\Temp\a84f2b4e5d9ced8f19cefc1e191308e7201b8ed90ec37bae59e5172e7df11a61.dllSuspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\regsvr32.exePID:3648/s C:\Users\Admin\AppData\Local\Temp\a84f2b4e5d9ced8f19cefc1e191308e7201b8ed90ec37bae59e5172e7df11a61.dllSuspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exePID:3484C:\Windows\SysWOW64\rundll32.exe "C:\Users\Admin\AppData\Local\Temp\a84f2b4e5d9ced8f19cefc1e191308e7201b8ed90ec37bae59e5172e7df11a61.dll",DllRegisterServer
Network
MITRE ATT&CK Matrix
Collection
Command and Control
Credential Access
Defense Evasion
Discovery
Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Persistence
Privilege Escalation
Replay Monitor
00:00
00:00
Downloads
-
memory/3484-118-0x0000000000000000-mapping.dmp
-
memory/3648-115-0x0000000000000000-mapping.dmp
-
memory/3648-117-0x0000000000775000-0x0000000000776000-memory.dmp
-
memory/3648-116-0x0000000000751000-0x0000000000775000-memory.dmp
Title
Loading data