914385279ac89cbe97fd93e89f9c645b2ec48fc5d6e92b954a6498f0eed315f5
General
Target
Filesize
Completed
914385279ac89cbe97fd93e89f9c645b2ec48fc5d6e92b954a6498f0eed315f5.dll
574KB
15-01-2022 01:22
Score
1/10
MD5
SHA1
SHA256
4c689d53595169c22761949614c6d0dd
1cf7d094bfb879a63ca0e4c3b542ffe48ea62c1e
914385279ac89cbe97fd93e89f9c645b2ec48fc5d6e92b954a6498f0eed315f5
Malware Config
Signatures 1
Filter: none
-
Suspicious use of WriteProcessMemoryregsvr32.exeregsvr32.exe
Reported IOCs
description pid process target process PID 2704 wrote to memory of 2752 2704 regsvr32.exe regsvr32.exe PID 2704 wrote to memory of 2752 2704 regsvr32.exe regsvr32.exe PID 2704 wrote to memory of 2752 2704 regsvr32.exe regsvr32.exe PID 2752 wrote to memory of 3452 2752 regsvr32.exe rundll32.exe PID 2752 wrote to memory of 3452 2752 regsvr32.exe rundll32.exe PID 2752 wrote to memory of 3452 2752 regsvr32.exe rundll32.exe
Processes 3
-
C:\Windows\system32\regsvr32.exePID:2704regsvr32 /s C:\Users\Admin\AppData\Local\Temp\914385279ac89cbe97fd93e89f9c645b2ec48fc5d6e92b954a6498f0eed315f5.dllSuspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\regsvr32.exePID:2752/s C:\Users\Admin\AppData\Local\Temp\914385279ac89cbe97fd93e89f9c645b2ec48fc5d6e92b954a6498f0eed315f5.dllSuspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exePID:3452C:\Windows\SysWOW64\rundll32.exe "C:\Users\Admin\AppData\Local\Temp\914385279ac89cbe97fd93e89f9c645b2ec48fc5d6e92b954a6498f0eed315f5.dll",DllRegisterServer
Network
MITRE ATT&CK Matrix
Collection
Command and Control
Credential Access
Defense Evasion
Discovery
Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Persistence
Privilege Escalation
Replay Monitor
00:00
00:00
Downloads
-
memory/2752-115-0x0000000000000000-mapping.dmp
-
memory/2752-117-0x0000000004AB5000-0x0000000004AB6000-memory.dmp
-
memory/2752-116-0x0000000004A91000-0x0000000004AB5000-memory.dmp
-
memory/3452-118-0x0000000000000000-mapping.dmp
Title
Loading data