27b13f798601cc034a8fa43acb36934c50a088f12d929ef242140c7c3efd4ee9 | Triage

Analysis

max time kernel
111s
max time network
114s
platform
windows10_x64
resource
win10-en-20211208
submitted
15-01-2022 01:20

Sharing

Report Analysis Logs

General

Target

27b13f798601cc034a8fa43acb36934c50a088f12d929ef242140c7c3efd4ee9.dll
Size

574KB
MD5

d3ada63a742bf975c28a5ff7f045d608
SHA1

459771324187559446f47e0bb8ef455152d1f54f
SHA256

27b13f798601cc034a8fa43acb36934c50a088f12d929ef242140c7c3efd4ee9
SHA512

17444afeae10beda63504e46a0f35ac4e8bb1ad53a73f196e6ab157614719c0d738ef4dad20c2666d835438d46e792147f352ec9780016b72534a71d28e8c239

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 6 IoCs

Processes:

regsvr32.exeregsvr32.exe

description	pid	process	target process
PID 2940 wrote to memory of 3532	2940	regsvr32.exe	regsvr32.exe
PID 2940 wrote to memory of 3532	2940	regsvr32.exe	regsvr32.exe
PID 2940 wrote to memory of 3532	2940	regsvr32.exe	regsvr32.exe
PID 3532 wrote to memory of 3880	3532	regsvr32.exe	rundll32.exe
PID 3532 wrote to memory of 3880	3532	regsvr32.exe	rundll32.exe
PID 3532 wrote to memory of 3880	3532	regsvr32.exe	rundll32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\27b13f798601cc034a8fa43acb36934c50a088f12d929ef242140c7c3efd4ee9.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2940

C:\Windows\SysWOW64\regsvr32.exe
/s C:\Users\Admin\AppData\Local\Temp\27b13f798601cc034a8fa43acb36934c50a088f12d929ef242140c7c3efd4ee9.dll
2⤵
- Suspicious use of WriteProcessMemory
PID:3532

C:\Windows\SysWOW64\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe "C:\Users\Admin\AppData\Local\Temp\27b13f798601cc034a8fa43acb36934c50a088f12d929ef242140c7c3efd4ee9.dll",DllRegisterServer
3⤵
PID:3880

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3532-115-0x0000000000000000-mapping.dmp

Download
memory/3532-117-0x0000000000A45000-0x0000000000A46000-memory.dmp

Filesize
4KB

Download
memory/3532-116-0x0000000000A21000-0x0000000000A45000-memory.dmp

Filesize
144KB

Download
memory/3880-118-0x0000000000000000-mapping.dmp

Download