9caa54943b5d009ad41e975fc56f1b9771cdf9237fea48a11c081493a07ab0b0 | Triage

Analysis

max time kernel
118s
max time network
121s
platform
windows10_x64
resource
win10-en-20211208
submitted
15-01-2022 01:20

Sharing

Report Analysis Logs

General

Target

9caa54943b5d009ad41e975fc56f1b9771cdf9237fea48a11c081493a07ab0b0.dll
Size

574KB
MD5

3ddc96812e347c89f5c1fef805462e9d
SHA1

ba686d9d9caa7d35b1c9ee507863645f029a385c
SHA256

9caa54943b5d009ad41e975fc56f1b9771cdf9237fea48a11c081493a07ab0b0
SHA512

433f013db921ef0ccdc034762c36e5815d9120ee3300743891bc0c6330980e1246debcf079c188ef6b7c82803ade5643b2f653dd4d68686cf0fa68545901f941

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 6 IoCs

Processes:

regsvr32.exeregsvr32.exe

description	pid	process	target process
PID 2472 wrote to memory of 2480	2472	regsvr32.exe	regsvr32.exe
PID 2472 wrote to memory of 2480	2472	regsvr32.exe	regsvr32.exe
PID 2472 wrote to memory of 2480	2472	regsvr32.exe	regsvr32.exe
PID 2480 wrote to memory of 3064	2480	regsvr32.exe	rundll32.exe
PID 2480 wrote to memory of 3064	2480	regsvr32.exe	rundll32.exe
PID 2480 wrote to memory of 3064	2480	regsvr32.exe	rundll32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\9caa54943b5d009ad41e975fc56f1b9771cdf9237fea48a11c081493a07ab0b0.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2472

C:\Windows\SysWOW64\regsvr32.exe
/s C:\Users\Admin\AppData\Local\Temp\9caa54943b5d009ad41e975fc56f1b9771cdf9237fea48a11c081493a07ab0b0.dll
2⤵
- Suspicious use of WriteProcessMemory
PID:2480

C:\Windows\SysWOW64\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe "C:\Users\Admin\AppData\Local\Temp\9caa54943b5d009ad41e975fc56f1b9771cdf9237fea48a11c081493a07ab0b0.dll",DllRegisterServer
3⤵
PID:3064

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2480-115-0x0000000000000000-mapping.dmp

Download
memory/2480-117-0x0000000002C25000-0x0000000002C26000-memory.dmp

Filesize
4KB

Download
memory/3064-118-0x0000000000000000-mapping.dmp

Download