285e16fd95804d39ede5edaf3df26006a19beb580c59f3b003ff0196a8679563 | Triage

Analysis

max time kernel
118s
max time network
121s
platform
windows10_x64
resource
win10-en-20211208
submitted
15-01-2022 01:16

Sharing

Report Analysis Logs

General

Target

285e16fd95804d39ede5edaf3df26006a19beb580c59f3b003ff0196a8679563.dll
Size

574KB
MD5

cf072cb54dcec72c5a67a720371f2a42
SHA1

6ade2de32cf18942b65c04b2025d0bc7996c3db4
SHA256

285e16fd95804d39ede5edaf3df26006a19beb580c59f3b003ff0196a8679563
SHA512

4a57276d599a4c22b4161ad133cd207f50a813d2a1a782f37dafd24f7048074755964bab183308c7a904b80fc58538fe4eb90352037b0b628f9759ee3943177b

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 6 IoCs

Processes:

regsvr32.exeregsvr32.exe

description	pid	process	target process
PID 2740 wrote to memory of 2772	2740	regsvr32.exe	regsvr32.exe
PID 2740 wrote to memory of 2772	2740	regsvr32.exe	regsvr32.exe
PID 2740 wrote to memory of 2772	2740	regsvr32.exe	regsvr32.exe
PID 2772 wrote to memory of 3816	2772	regsvr32.exe	rundll32.exe
PID 2772 wrote to memory of 3816	2772	regsvr32.exe	rundll32.exe
PID 2772 wrote to memory of 3816	2772	regsvr32.exe	rundll32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\285e16fd95804d39ede5edaf3df26006a19beb580c59f3b003ff0196a8679563.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2740

C:\Windows\SysWOW64\regsvr32.exe
/s C:\Users\Admin\AppData\Local\Temp\285e16fd95804d39ede5edaf3df26006a19beb580c59f3b003ff0196a8679563.dll
2⤵
- Suspicious use of WriteProcessMemory
PID:2772

C:\Windows\SysWOW64\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe "C:\Users\Admin\AppData\Local\Temp\285e16fd95804d39ede5edaf3df26006a19beb580c59f3b003ff0196a8679563.dll",DllRegisterServer
3⤵
PID:3816

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2772-115-0x0000000000000000-mapping.dmp

Download
memory/2772-117-0x00000000007A5000-0x00000000007A6000-memory.dmp

Filesize
4KB

Download
memory/2772-116-0x0000000000781000-0x00000000007A5000-memory.dmp

Filesize
144KB

Download
memory/3816-118-0x0000000000000000-mapping.dmp

Download