92bc72d19096ca4a156002fb94a7451b418dd24d300fafc7efac67eee897ca48 | Triage

Analysis

max time kernel
119s
max time network
119s
platform
windows10_x64
resource
win10-en-20211208
submitted
15-01-2022 01:16

Sharing

Report Analysis Logs

General

Target

92bc72d19096ca4a156002fb94a7451b418dd24d300fafc7efac67eee897ca48.dll
Size

574KB
MD5

0bb623482d6fed6e315d8be36e3bef0c
SHA1

95b09f510305db8d02a674bc297c83d789c1e645
SHA256

92bc72d19096ca4a156002fb94a7451b418dd24d300fafc7efac67eee897ca48
SHA512

d1ce1ff09e2578e9d99de2e51f656e70bec62c77a882c535af4c162c7f8c85122b29c5084cb8553cbb3fe30180d3038777d5037d84a6ddde014cc7ad356b339f

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 6 IoCs

Processes:

regsvr32.exeregsvr32.exe

description	pid	process	target process
PID 2608 wrote to memory of 2680	2608	regsvr32.exe	regsvr32.exe
PID 2608 wrote to memory of 2680	2608	regsvr32.exe	regsvr32.exe
PID 2608 wrote to memory of 2680	2608	regsvr32.exe	regsvr32.exe
PID 2680 wrote to memory of 3712	2680	regsvr32.exe	rundll32.exe
PID 2680 wrote to memory of 3712	2680	regsvr32.exe	rundll32.exe
PID 2680 wrote to memory of 3712	2680	regsvr32.exe	rundll32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\92bc72d19096ca4a156002fb94a7451b418dd24d300fafc7efac67eee897ca48.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2608

C:\Windows\SysWOW64\regsvr32.exe
/s C:\Users\Admin\AppData\Local\Temp\92bc72d19096ca4a156002fb94a7451b418dd24d300fafc7efac67eee897ca48.dll
2⤵
- Suspicious use of WriteProcessMemory
PID:2680

C:\Windows\SysWOW64\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe "C:\Users\Admin\AppData\Local\Temp\92bc72d19096ca4a156002fb94a7451b418dd24d300fafc7efac67eee897ca48.dll",DllRegisterServer
3⤵
PID:3712

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2680-114-0x0000000000000000-mapping.dmp

Download
memory/2680-115-0x0000000002F61000-0x0000000002F85000-memory.dmp

Filesize
144KB

Download
memory/2680-116-0x0000000002F85000-0x0000000002F86000-memory.dmp

Filesize
4KB

Download
memory/3712-117-0x0000000000000000-mapping.dmp

Download