c6a94fd72c6d4283be66670f2e2425318ae46d03640f36644d770d5c2550ba11 | Triage

Analysis

max time kernel
122s
max time network
121s
platform
windows10_x64
resource
win10-en-20211208
submitted
15-01-2022 01:16

Sharing

Report Analysis Logs

General

Target

c6a94fd72c6d4283be66670f2e2425318ae46d03640f36644d770d5c2550ba11.dll
Size

574KB
MD5

d947f35ff98e9af0958d8a4d906f0ec7
SHA1

834171e0495f91901018b57604061df18ddb3081
SHA256

c6a94fd72c6d4283be66670f2e2425318ae46d03640f36644d770d5c2550ba11
SHA512

c18cf5875568b2ab3fdf126849ca4b3b427b33c939d261c89f00645791f388b6b259aea35296d1c7b6b37847f383f6a00872a62fd930078f6a753cfae565e1e4

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 6 IoCs

Processes:

regsvr32.exeregsvr32.exe

description	pid	process	target process
PID 2748 wrote to memory of 2064	2748	regsvr32.exe	regsvr32.exe
PID 2748 wrote to memory of 2064	2748	regsvr32.exe	regsvr32.exe
PID 2748 wrote to memory of 2064	2748	regsvr32.exe	regsvr32.exe
PID 2064 wrote to memory of 1540	2064	regsvr32.exe	rundll32.exe
PID 2064 wrote to memory of 1540	2064	regsvr32.exe	rundll32.exe
PID 2064 wrote to memory of 1540	2064	regsvr32.exe	rundll32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\c6a94fd72c6d4283be66670f2e2425318ae46d03640f36644d770d5c2550ba11.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2748

C:\Windows\SysWOW64\regsvr32.exe
/s C:\Users\Admin\AppData\Local\Temp\c6a94fd72c6d4283be66670f2e2425318ae46d03640f36644d770d5c2550ba11.dll
2⤵
- Suspicious use of WriteProcessMemory
PID:2064

C:\Windows\SysWOW64\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe "C:\Users\Admin\AppData\Local\Temp\c6a94fd72c6d4283be66670f2e2425318ae46d03640f36644d770d5c2550ba11.dll",DllRegisterServer
3⤵
PID:1540

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1540-121-0x0000000000000000-mapping.dmp

Download
memory/2064-118-0x0000000000000000-mapping.dmp

Download
memory/2064-119-0x0000000000AA1000-0x0000000000AC5000-memory.dmp

Filesize
144KB

Download
memory/2064-120-0x0000000000AC5000-0x0000000000AC6000-memory.dmp

Filesize
4KB

Download