801561ff3eb8b01945cc6daf5b377a40960cc3a5edaacb87a591d44cf59442e9 | Triage

Analysis

max time kernel
122s
max time network
127s
platform
windows10_x64
resource
win10-en-20211208
submitted
15-01-2022 01:16

Sharing

Report Analysis Logs

General

Target

801561ff3eb8b01945cc6daf5b377a40960cc3a5edaacb87a591d44cf59442e9.dll
Size

574KB
MD5

d8f35bf6d1f28eaffd588f07b5f882e2
SHA1

068b328dbcfb479a8ce83691ef00a0e496b66565
SHA256

801561ff3eb8b01945cc6daf5b377a40960cc3a5edaacb87a591d44cf59442e9
SHA512

77b0fefc46c3fb87412937a63cec366000e2f8f40a9b9dd9ad46fa921b84e346e42a92f17283696d1726e9ac9a4dc889ffddb9841075bbd534f5082539a61c6b

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 6 IoCs

Processes:

regsvr32.exeregsvr32.exe

description	pid	process	target process
PID 3604 wrote to memory of 3468	3604	regsvr32.exe	regsvr32.exe
PID 3604 wrote to memory of 3468	3604	regsvr32.exe	regsvr32.exe
PID 3604 wrote to memory of 3468	3604	regsvr32.exe	regsvr32.exe
PID 3468 wrote to memory of 3596	3468	regsvr32.exe	rundll32.exe
PID 3468 wrote to memory of 3596	3468	regsvr32.exe	rundll32.exe
PID 3468 wrote to memory of 3596	3468	regsvr32.exe	rundll32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\801561ff3eb8b01945cc6daf5b377a40960cc3a5edaacb87a591d44cf59442e9.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:3604

C:\Windows\SysWOW64\regsvr32.exe
/s C:\Users\Admin\AppData\Local\Temp\801561ff3eb8b01945cc6daf5b377a40960cc3a5edaacb87a591d44cf59442e9.dll
2⤵
- Suspicious use of WriteProcessMemory
PID:3468

C:\Windows\SysWOW64\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe "C:\Users\Admin\AppData\Local\Temp\801561ff3eb8b01945cc6daf5b377a40960cc3a5edaacb87a591d44cf59442e9.dll",DllRegisterServer
3⤵
PID:3596

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3468-115-0x0000000000000000-mapping.dmp

Download
memory/3468-116-0x0000000000CB1000-0x0000000000CD5000-memory.dmp

Filesize
144KB

Download
memory/3468-117-0x0000000000CD5000-0x0000000000CD6000-memory.dmp

Filesize
4KB

Download
memory/3596-118-0x0000000000000000-mapping.dmp

Download