587378962d25ef1168b8c2ee986818b6b8b5a2ffca2292c50913394b144f9eb4 | Triage

Analysis

max time kernel
121s
max time network
115s
platform
windows10_x64
resource
win10-en-20211208
submitted
15-01-2022 01:16

Sharing

Report Analysis Logs

General

Target

587378962d25ef1168b8c2ee986818b6b8b5a2ffca2292c50913394b144f9eb4.dll
Size

574KB
MD5

ca3515366c16c92d0a97cc4e6f4fe3e9
SHA1

7c90aa3e7b354fb69a257a55fb28f95105db4aaa
SHA256

587378962d25ef1168b8c2ee986818b6b8b5a2ffca2292c50913394b144f9eb4
SHA512

f246b19480612b36a8309fb6d0405d5674bfc3d20d54413f5f1e16ab5cff81bcb33c2ae5517b15afc91f0a1ff1595eaa27860c07e3f160a513df3715e451096f

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 6 IoCs

Processes:

regsvr32.exeregsvr32.exe

description	pid	process	target process
PID 2808 wrote to memory of 3488	2808	regsvr32.exe	regsvr32.exe
PID 2808 wrote to memory of 3488	2808	regsvr32.exe	regsvr32.exe
PID 2808 wrote to memory of 3488	2808	regsvr32.exe	regsvr32.exe
PID 3488 wrote to memory of 3060	3488	regsvr32.exe	rundll32.exe
PID 3488 wrote to memory of 3060	3488	regsvr32.exe	rundll32.exe
PID 3488 wrote to memory of 3060	3488	regsvr32.exe	rundll32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\587378962d25ef1168b8c2ee986818b6b8b5a2ffca2292c50913394b144f9eb4.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2808

C:\Windows\SysWOW64\regsvr32.exe
/s C:\Users\Admin\AppData\Local\Temp\587378962d25ef1168b8c2ee986818b6b8b5a2ffca2292c50913394b144f9eb4.dll
2⤵
- Suspicious use of WriteProcessMemory
PID:3488

C:\Windows\SysWOW64\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe "C:\Users\Admin\AppData\Local\Temp\587378962d25ef1168b8c2ee986818b6b8b5a2ffca2292c50913394b144f9eb4.dll",DllRegisterServer
3⤵
PID:3060

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3060-118-0x0000000000000000-mapping.dmp

Download
memory/3488-115-0x0000000000000000-mapping.dmp

Download
memory/3488-116-0x0000000004EE1000-0x0000000004F05000-memory.dmp

Filesize
144KB

Download
memory/3488-117-0x0000000004F05000-0x0000000004F06000-memory.dmp

Filesize
4KB

Download