ba08c1cd643de10bc956eda87420d0d48193f52db41fe82772aaf2faa97b3b7a

General

Target: ba08c1cd643de10bc956eda87420d0d48193f52db41fe82772aaf2faa97b3b7a.dll
Filesize: 574KB
Completed: 15-01-2022 01:19
Score: 1/10
MD5: 54b98c3c5fe24e8bdb45f8864cebc576
SHA1: 0c14251332f5df26750583e2fb0d0d29356f0bf4
SHA256: ba08c1cd643de10bc956eda87420d0d48193f52db41fe82772aaf2faa97b3b7a

Malware Config
Signatures 1


  • Suspicious use of WriteProcessMemory
    regsvr32.exe, regsvr32.exe

    Reported IOCs

    description | pid | process | target process
    PID 2604 wrote to memory of 2780 | 2604 | regsvr32.exe | regsvr32.exe
    PID 2604 wrote to memory of 2780 | 2604 | regsvr32.exe | regsvr32.exe
    PID 2604 wrote to memory of 2780 | 2604 | regsvr32.exe | regsvr32.exe
    PID 2780 wrote to memory of 3868 | 2780 | regsvr32.exe | rundll32.exe
    PID 2780 wrote to memory of 3868 | 2780 | regsvr32.exe | rundll32.exe
    PID 2780 wrote to memory of 3868 | 2780 | regsvr32.exe | rundll32.exe
Processes 3
  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\ba08c1cd643de10bc956eda87420d0d48193f52db41fe82772aaf2faa97b3b7a.dll
    Suspicious use of WriteProcessMemory
    PID:2604
    • C:\Windows\SysWOW64\regsvr32.exe
      /s C:\Users\Admin\AppData\Local\Temp\ba08c1cd643de10bc956eda87420d0d48193f52db41fe82772aaf2faa97b3b7a.dll
      Suspicious use of WriteProcessMemory
      PID:2780
      • C:\Windows\SysWOW64\rundll32.exe
        C:\Windows\SysWOW64\rundll32.exe "C:\Users\Admin\AppData\Local\Temp\ba08c1cd643de10bc956eda87420d0d48193f52db41fe82772aaf2faa97b3b7a.dll",DllRegisterServer
        PID:3868
Network
Downloads
  • memory/2780-118-0x0000000000000000-mapping.dmp
  • memory/2780-120-0x00000000013B5000-0x00000000013B6000-memory.dmp
  • memory/2780-119-0x0000000001391000-0x00000000013B5000-memory.dmp
  • memory/3868-121-0x0000000000000000-mapping.dmp