ba08c1cd643de10bc956eda87420d0d48193f52db41fe82772aaf2faa97b3b7a | Triage

Analysis

max time kernel
118s
max time network
129s
platform
windows10_x64
resource
win10-en-20211208
submitted
15-01-2022 01:16

Sharing

Report Analysis Logs

General

Target

ba08c1cd643de10bc956eda87420d0d48193f52db41fe82772aaf2faa97b3b7a.dll
Size

574KB
MD5

54b98c3c5fe24e8bdb45f8864cebc576
SHA1

0c14251332f5df26750583e2fb0d0d29356f0bf4
SHA256

ba08c1cd643de10bc956eda87420d0d48193f52db41fe82772aaf2faa97b3b7a
SHA512

c7d78be5f2f72eb9aafb887e30f24ffd7baa8e12b96723266dddfd21120948f2bc1688d9abbb7ab93563ee0b16d97d4ab950c0267289daa64528723d4d97cbd9

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 6 IoCs

Processes:

regsvr32.exeregsvr32.exe

description	pid	process	target process
PID 2604 wrote to memory of 2780	2604	regsvr32.exe	regsvr32.exe
PID 2604 wrote to memory of 2780	2604	regsvr32.exe	regsvr32.exe
PID 2604 wrote to memory of 2780	2604	regsvr32.exe	regsvr32.exe
PID 2780 wrote to memory of 3868	2780	regsvr32.exe	rundll32.exe
PID 2780 wrote to memory of 3868	2780	regsvr32.exe	rundll32.exe
PID 2780 wrote to memory of 3868	2780	regsvr32.exe	rundll32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\ba08c1cd643de10bc956eda87420d0d48193f52db41fe82772aaf2faa97b3b7a.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2604

C:\Windows\SysWOW64\regsvr32.exe
/s C:\Users\Admin\AppData\Local\Temp\ba08c1cd643de10bc956eda87420d0d48193f52db41fe82772aaf2faa97b3b7a.dll
2⤵
- Suspicious use of WriteProcessMemory
PID:2780

C:\Windows\SysWOW64\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe "C:\Users\Admin\AppData\Local\Temp\ba08c1cd643de10bc956eda87420d0d48193f52db41fe82772aaf2faa97b3b7a.dll",DllRegisterServer
3⤵
PID:3868

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2780-118-0x0000000000000000-mapping.dmp

Download
memory/2780-120-0x00000000013B5000-0x00000000013B6000-memory.dmp

Filesize
4KB

Download
memory/2780-119-0x0000000001391000-0x00000000013B5000-memory.dmp

Filesize
144KB

Download
memory/3868-121-0x0000000000000000-mapping.dmp

Download