394576884134606215869aa6426da752099088e1cdc65afa0bcfc1dcea4dd3ea | Triage

Analysis

max time kernel
79s
max time network
119s
platform
windows10_x64
resource
win10-en-20211208
submitted
15-01-2022 01:20

Sharing

Report Analysis Logs

General

Target

394576884134606215869aa6426da752099088e1cdc65afa0bcfc1dcea4dd3ea.dll
Size

574KB
MD5

28d1fb629d1b12a1eb4555168c505357
SHA1

426fb1f6401d8fc8c0213a05a982c94b4702c3f1
SHA256

394576884134606215869aa6426da752099088e1cdc65afa0bcfc1dcea4dd3ea
SHA512

ac02ddacb805d00a7fcfc9501b702558a59d5385a4e8e875cf6005d01d7474c3c6ffb0502bc73e65198ccc385953ebe841834493ba0bb0573d261debf3b4732b

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 6 IoCs

Processes:

regsvr32.exeregsvr32.exe

description	pid	process	target process
PID 2648 wrote to memory of 2728	2648	regsvr32.exe	regsvr32.exe
PID 2648 wrote to memory of 2728	2648	regsvr32.exe	regsvr32.exe
PID 2648 wrote to memory of 2728	2648	regsvr32.exe	regsvr32.exe
PID 2728 wrote to memory of 3796	2728	regsvr32.exe	rundll32.exe
PID 2728 wrote to memory of 3796	2728	regsvr32.exe	rundll32.exe
PID 2728 wrote to memory of 3796	2728	regsvr32.exe	rundll32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\394576884134606215869aa6426da752099088e1cdc65afa0bcfc1dcea4dd3ea.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2648

C:\Windows\SysWOW64\regsvr32.exe
/s C:\Users\Admin\AppData\Local\Temp\394576884134606215869aa6426da752099088e1cdc65afa0bcfc1dcea4dd3ea.dll
2⤵
- Suspicious use of WriteProcessMemory
PID:2728

C:\Windows\SysWOW64\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe "C:\Users\Admin\AppData\Local\Temp\394576884134606215869aa6426da752099088e1cdc65afa0bcfc1dcea4dd3ea.dll",DllRegisterServer
3⤵
PID:3796

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2728-115-0x0000000000000000-mapping.dmp

Download
memory/2728-117-0x0000000000D75000-0x0000000000D76000-memory.dmp

Filesize
4KB

Download
memory/2728-116-0x0000000000D51000-0x0000000000D75000-memory.dmp

Filesize
144KB

Download
memory/3796-118-0x0000000000000000-mapping.dmp

Download