25dfe77c0c3ea090dbb3ec6ca7387e178e4e20e65f9fbe172eb4a64fd5d0dac0
General
Target
Filesize
Completed
25dfe77c0c3ea090dbb3ec6ca7387e178e4e20e65f9fbe172eb4a64fd5d0dac0.dll
574KB
15-01-2022 01:11
Score
1/10
MD5
SHA1
SHA256
08cf6ea72d80dbb3f2ce9ba4a2b27aa4
9ea2a40ae2814c22704945e1db6cc3c812fa11a1
25dfe77c0c3ea090dbb3ec6ca7387e178e4e20e65f9fbe172eb4a64fd5d0dac0
Malware Config
Signatures 1
Filter: none
-
Suspicious use of WriteProcessMemoryregsvr32.exeregsvr32.exe
Reported IOCs
description pid process target process PID 2612 wrote to memory of 2676 2612 regsvr32.exe regsvr32.exe PID 2612 wrote to memory of 2676 2612 regsvr32.exe regsvr32.exe PID 2612 wrote to memory of 2676 2612 regsvr32.exe regsvr32.exe PID 2676 wrote to memory of 2692 2676 regsvr32.exe rundll32.exe PID 2676 wrote to memory of 2692 2676 regsvr32.exe rundll32.exe PID 2676 wrote to memory of 2692 2676 regsvr32.exe rundll32.exe
Processes 3
-
C:\Windows\system32\regsvr32.exePID:2612regsvr32 /s C:\Users\Admin\AppData\Local\Temp\25dfe77c0c3ea090dbb3ec6ca7387e178e4e20e65f9fbe172eb4a64fd5d0dac0.dllSuspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\regsvr32.exePID:2676/s C:\Users\Admin\AppData\Local\Temp\25dfe77c0c3ea090dbb3ec6ca7387e178e4e20e65f9fbe172eb4a64fd5d0dac0.dllSuspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exePID:2692C:\Windows\SysWOW64\rundll32.exe "C:\Users\Admin\AppData\Local\Temp\25dfe77c0c3ea090dbb3ec6ca7387e178e4e20e65f9fbe172eb4a64fd5d0dac0.dll",DllRegisterServer
Network
MITRE ATT&CK Matrix
Collection
Command and Control
Credential Access
Defense Evasion
Discovery
Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Persistence
Privilege Escalation
Replay Monitor
00:00
00:00
Downloads
-
memory/2676-118-0x0000000000000000-mapping.dmp
-
memory/2676-120-0x0000000000DF5000-0x0000000000DF6000-memory.dmp
-
memory/2676-119-0x0000000000DD1000-0x0000000000DF5000-memory.dmp
-
memory/2692-121-0x0000000000000000-mapping.dmp
Title
Loading data