50a6ffae8f7979d6cedfca025cb8484e6e6d74f95460af34ddc06b91164bd00d | Triage

Analysis

max time kernel
117s
max time network
120s
platform
windows10_x64
resource
win10-en-20211208
submitted
15-01-2022 01:20

Sharing

Report Analysis Logs

General

Target

50a6ffae8f7979d6cedfca025cb8484e6e6d74f95460af34ddc06b91164bd00d.dll
Size

574KB
MD5

08e95f427d07c6a36094dd19eefc060a
SHA1

0b08c90620d69fdc9adbf63d4b02f9dfafb9397a
SHA256

50a6ffae8f7979d6cedfca025cb8484e6e6d74f95460af34ddc06b91164bd00d
SHA512

82ca0c9d2bae86a40b5d992796711ccb5087a19b168dcccd748516e16c83c62f6725431eaaa61b7e20f85fb241406459c01d0c671f5b597fbdbb22b211777a8d

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 6 IoCs

Processes:

regsvr32.exeregsvr32.exe

description	pid	process	target process
PID 2684 wrote to memory of 2700	2684	regsvr32.exe	regsvr32.exe
PID 2684 wrote to memory of 2700	2684	regsvr32.exe	regsvr32.exe
PID 2684 wrote to memory of 2700	2684	regsvr32.exe	regsvr32.exe
PID 2700 wrote to memory of 3392	2700	regsvr32.exe	rundll32.exe
PID 2700 wrote to memory of 3392	2700	regsvr32.exe	rundll32.exe
PID 2700 wrote to memory of 3392	2700	regsvr32.exe	rundll32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\50a6ffae8f7979d6cedfca025cb8484e6e6d74f95460af34ddc06b91164bd00d.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2684

C:\Windows\SysWOW64\regsvr32.exe
/s C:\Users\Admin\AppData\Local\Temp\50a6ffae8f7979d6cedfca025cb8484e6e6d74f95460af34ddc06b91164bd00d.dll
2⤵
- Suspicious use of WriteProcessMemory
PID:2700

C:\Windows\SysWOW64\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe "C:\Users\Admin\AppData\Local\Temp\50a6ffae8f7979d6cedfca025cb8484e6e6d74f95460af34ddc06b91164bd00d.dll",DllRegisterServer
3⤵
PID:3392

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2700-115-0x0000000000000000-mapping.dmp

Download
memory/2700-116-0x0000000003441000-0x0000000003465000-memory.dmp

Filesize
144KB

Download
memory/2700-117-0x0000000003465000-0x0000000003466000-memory.dmp

Filesize
4KB

Download
memory/3392-118-0x0000000000000000-mapping.dmp

Download