Analysis
max time kernel: 119s
max time network: 128s
platform: windows10_x64
resource: win10-en-20211208
submitted: 15-01-2022 01:20
Static task: static1
Behavioral task: behavioral1
Sample: dd598fb76c5137b1889c344674fdfcc86f70461995df66b85d7bcf8808a29aca.dll
Resource: win10-en-20211208 (windows10_x64)
0 signatures
0 seconds
General
Target: dd598fb76c5137b1889c344674fdfcc86f70461995df66b85d7bcf8808a29aca.dll
Size: 574KB
MD5: 7ebe8f01994721f50da21ec023470da1
SHA1: 583d223888ca69cb66b3a80021383bb4f0a03769
SHA256: dd598fb76c5137b1889c344674fdfcc86f70461995df66b85d7bcf8808a29aca
SHA512: 9cd826cd1a9f883f6ae6b2dfd207aba910c682bf03f40ad4a73679c3d4816283e48076e89080a9f99c5d6421da2fc5a495ea8d7de9ab4480f0e4f98ba59117ca
Score: 1/10
Malware Config
Signatures
Suspicious use of WriteProcessMemory (6 IoCs)
Processes: regsvr32.exe, regsvr32.exe
description | pid | process | target process
PID 3328 wrote to memory of 764 | 3328 | regsvr32.exe | regsvr32.exe
PID 3328 wrote to memory of 764 | 3328 | regsvr32.exe | regsvr32.exe
PID 3328 wrote to memory of 764 | 3328 | regsvr32.exe | regsvr32.exe
PID 764 wrote to memory of 1172 | 764 | regsvr32.exe | rundll32.exe
PID 764 wrote to memory of 1172 | 764 | regsvr32.exe | rundll32.exe
PID 764 wrote to memory of 1172 | 764 | regsvr32.exe | rundll32.exe
Processes
C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\dd598fb76c5137b1889c344674fdfcc86f70461995df66b85d7bcf8808a29aca.dll
- Suspicious use of WriteProcessMemory

C:\Windows\SysWOW64\regsvr32.exe
/s C:\Users\Admin\AppData\Local\Temp\dd598fb76c5137b1889c344674fdfcc86f70461995df66b85d7bcf8808a29aca.dll
- Suspicious use of WriteProcessMemory

C:\Windows\SysWOW64\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe "C:\Users\Admin\AppData\Local\Temp\dd598fb76c5137b1889c344674fdfcc86f70461995df66b85d7bcf8808a29aca.dll",DllRegisterServer