ba0a0438694f2b82e709c946cf086a000c9a8030811d4bd9c8216067f29ddcc4
General
Target
Filesize
Completed
ba0a0438694f2b82e709c946cf086a000c9a8030811d4bd9c8216067f29ddcc4.dll
574KB
15-01-2022 01:18
Score
1/10
MD5
SHA1
SHA256
fe713c9b190b703b8cf71497e6bb485c
a0896f80f892d053038bbef122a9a6844fd3a29c
ba0a0438694f2b82e709c946cf086a000c9a8030811d4bd9c8216067f29ddcc4
Malware Config
Signatures 1
Filter: none
-
Suspicious use of WriteProcessMemoryregsvr32.exeregsvr32.exe
Reported IOCs
description pid process target process PID 1384 wrote to memory of 1300 1384 regsvr32.exe regsvr32.exe PID 1384 wrote to memory of 1300 1384 regsvr32.exe regsvr32.exe PID 1384 wrote to memory of 1300 1384 regsvr32.exe regsvr32.exe PID 1300 wrote to memory of 1492 1300 regsvr32.exe rundll32.exe PID 1300 wrote to memory of 1492 1300 regsvr32.exe rundll32.exe PID 1300 wrote to memory of 1492 1300 regsvr32.exe rundll32.exe
Processes 3
-
C:\Windows\system32\regsvr32.exePID:1384regsvr32 /s C:\Users\Admin\AppData\Local\Temp\ba0a0438694f2b82e709c946cf086a000c9a8030811d4bd9c8216067f29ddcc4.dllSuspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\regsvr32.exePID:1300/s C:\Users\Admin\AppData\Local\Temp\ba0a0438694f2b82e709c946cf086a000c9a8030811d4bd9c8216067f29ddcc4.dllSuspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exePID:1492C:\Windows\SysWOW64\rundll32.exe "C:\Users\Admin\AppData\Local\Temp\ba0a0438694f2b82e709c946cf086a000c9a8030811d4bd9c8216067f29ddcc4.dll",DllRegisterServer
Network
MITRE ATT&CK Matrix
Collection
Command and Control
Credential Access
Defense Evasion
Discovery
Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Persistence
Privilege Escalation
Replay Monitor
00:00
00:00
Downloads
-
memory/1300-115-0x0000000000000000-mapping.dmp
-
memory/1300-117-0x0000000003465000-0x0000000003466000-memory.dmp
-
memory/1300-116-0x0000000003441000-0x0000000003465000-memory.dmp
-
memory/1492-118-0x0000000000000000-mapping.dmp
Title
Loading data