0eb60c85385a952c5720b735c0d76cebaadb1a6a5f3a588db20df3e6cead5d77 | Triage

Analysis

max time kernel
119s
max time network
130s
platform
windows10_x64
resource
win10-en-20211208
submitted
15-01-2022 01:09

Sharing

Report Analysis Logs

General

Target

0eb60c85385a952c5720b735c0d76cebaadb1a6a5f3a588db20df3e6cead5d77.dll
Size

574KB
MD5

884f8351c246fcdf784d6d1d1f1c8ab7
SHA1

2ca7e3c0dd4feeee22208b0e69d8600555373017
SHA256

0eb60c85385a952c5720b735c0d76cebaadb1a6a5f3a588db20df3e6cead5d77
SHA512

ea354e648cb96ffe317ad21863983cfd95910f460bcb5b4c21e61f87af89c30edb5a3feddf386a9657681c837396f506e340398541fa531ee5ea5b0a68d6f5b1

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 6 IoCs

Processes:

regsvr32.exeregsvr32.exe

description	pid	process	target process
PID 4084 wrote to memory of 2476	4084	regsvr32.exe	regsvr32.exe
PID 4084 wrote to memory of 2476	4084	regsvr32.exe	regsvr32.exe
PID 4084 wrote to memory of 2476	4084	regsvr32.exe	regsvr32.exe
PID 2476 wrote to memory of 1344	2476	regsvr32.exe	rundll32.exe
PID 2476 wrote to memory of 1344	2476	regsvr32.exe	rundll32.exe
PID 2476 wrote to memory of 1344	2476	regsvr32.exe	rundll32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\0eb60c85385a952c5720b735c0d76cebaadb1a6a5f3a588db20df3e6cead5d77.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:4084

C:\Windows\SysWOW64\regsvr32.exe
/s C:\Users\Admin\AppData\Local\Temp\0eb60c85385a952c5720b735c0d76cebaadb1a6a5f3a588db20df3e6cead5d77.dll
2⤵
- Suspicious use of WriteProcessMemory
PID:2476

C:\Windows\SysWOW64\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe "C:\Users\Admin\AppData\Local\Temp\0eb60c85385a952c5720b735c0d76cebaadb1a6a5f3a588db20df3e6cead5d77.dll",DllRegisterServer
3⤵
PID:1344

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1344-121-0x0000000000000000-mapping.dmp

Download
memory/2476-118-0x0000000000000000-mapping.dmp

Download
memory/2476-120-0x00000000026F5000-0x00000000026F6000-memory.dmp

Filesize
4KB

Download
memory/2476-119-0x00000000026D1000-0x00000000026F5000-memory.dmp

Filesize
144KB

Download