f7859b5d5b26a2f13ae564e43a0865f59601604f89ce92b725d02ca24a3c1f65 | Triage

Analysis

max time kernel
121s
max time network
125s
platform
windows10_x64
resource
win10-en-20211208
submitted
15-01-2022 01:16

Sharing

Report Analysis Logs

General

Target

f7859b5d5b26a2f13ae564e43a0865f59601604f89ce92b725d02ca24a3c1f65.dll
Size

574KB
MD5

e442f3e993b6c80e0b091e54df0638d6
SHA1

e585dd0e2ab7006d12e5ebda9fcd3a409ec36faa
SHA256

f7859b5d5b26a2f13ae564e43a0865f59601604f89ce92b725d02ca24a3c1f65
SHA512

68d2a5240382f23a4ee52c0b7398ce03c3155c73849ed39d881b9a4d4d996e6d741c24411ca08e1561def0e49c042b0b464691a48feaa06d669c19ce8bbd5369

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 6 IoCs

Processes:

regsvr32.exeregsvr32.exe

description	pid	process	target process
PID 3052 wrote to memory of 2692	3052	regsvr32.exe	regsvr32.exe
PID 3052 wrote to memory of 2692	3052	regsvr32.exe	regsvr32.exe
PID 3052 wrote to memory of 2692	3052	regsvr32.exe	regsvr32.exe
PID 2692 wrote to memory of 3884	2692	regsvr32.exe	rundll32.exe
PID 2692 wrote to memory of 3884	2692	regsvr32.exe	rundll32.exe
PID 2692 wrote to memory of 3884	2692	regsvr32.exe	rundll32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\f7859b5d5b26a2f13ae564e43a0865f59601604f89ce92b725d02ca24a3c1f65.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:3052

C:\Windows\SysWOW64\regsvr32.exe
/s C:\Users\Admin\AppData\Local\Temp\f7859b5d5b26a2f13ae564e43a0865f59601604f89ce92b725d02ca24a3c1f65.dll
2⤵
- Suspicious use of WriteProcessMemory
PID:2692

C:\Windows\SysWOW64\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe "C:\Users\Admin\AppData\Local\Temp\f7859b5d5b26a2f13ae564e43a0865f59601604f89ce92b725d02ca24a3c1f65.dll",DllRegisterServer
3⤵
PID:3884

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2692-115-0x0000000000000000-mapping.dmp

Download
memory/2692-117-0x0000000000CF5000-0x0000000000CF6000-memory.dmp

Filesize
4KB

Download
memory/2692-116-0x0000000000CD1000-0x0000000000CF5000-memory.dmp

Filesize
144KB

Download
memory/3884-118-0x0000000000000000-mapping.dmp

Download