Analysis
- max time kernel: 119s
- max time network: 127s
- platform: windows10_x64
- resource: win10-en-20211208
- submitted: 15-01-2022 01:16
Static task: static1
Behavioral task: behavioral1
- Sample: ce29ed19a8387e9512f91202502fa581077541d079c33633e7412269d49a1149.dll
- Resource: win10-en-20211208 (windows10_x64)
0 signatures
0 seconds
General
- Target: ce29ed19a8387e9512f91202502fa581077541d079c33633e7412269d49a1149.dll
- Size: 574KB
- MD5: dcbcfcd0599ce404ccaa3feb19db6a84
- SHA1: e791826eaa417db349267a91613876dbcf1a10aa
- SHA256: ce29ed19a8387e9512f91202502fa581077541d079c33633e7412269d49a1149
- SHA512: e78d78a70e0decbf678e886aa1067c7a96f1c5d7cda5b67d03c269e8ef6ec7b40b33d5931c23bd7022147859414b7768d25619c2a239fe5ec3d3edb531c88d2f
Score
1/10
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (6 IoCs)
  Processes: regsvr32.exe, regsvr32.exe

| description | pid | process | target process |
|---|---|---|---|
| PID 2336 wrote to memory of 2504 | 2336 | regsvr32.exe | regsvr32.exe |
| PID 2336 wrote to memory of 2504 | 2336 | regsvr32.exe | regsvr32.exe |
| PID 2336 wrote to memory of 2504 | 2336 | regsvr32.exe | regsvr32.exe |
| PID 2504 wrote to memory of 2760 | 2504 | regsvr32.exe | rundll32.exe |
| PID 2504 wrote to memory of 2760 | 2504 | regsvr32.exe | rundll32.exe |
| PID 2504 wrote to memory of 2760 | 2504 | regsvr32.exe | rundll32.exe |
Processes
- C:\Windows\system32\regsvr32.exe
  command line: regsvr32 /s C:\Users\Admin\AppData\Local\Temp\ce29ed19a8387e9512f91202502fa581077541d079c33633e7412269d49a1149.dll
  - Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\regsvr32.exe
    command line: /s C:\Users\Admin\AppData\Local\Temp\ce29ed19a8387e9512f91202502fa581077541d079c33633e7412269d49a1149.dll
    - Suspicious use of WriteProcessMemory
    - C:\Windows\SysWOW64\rundll32.exe
      command line: C:\Windows\SysWOW64\rundll32.exe "C:\Users\Admin\AppData\Local\Temp\ce29ed19a8387e9512f91202502fa581077541d079c33633e7412269d49a1149.dll",DllRegisterServer