1c35ce79b7063725ac1b6a8e4f488f2281f6766231d9321a9cb568938fa21cc7 | Triage

Analysis

max time kernel
82s
max time network
119s
platform
windows10_x64
resource
win10-en-20211208
submitted
15-01-2022 01:20

Sharing

Report Analysis Logs

General

Target

1c35ce79b7063725ac1b6a8e4f488f2281f6766231d9321a9cb568938fa21cc7.dll
Size

574KB
MD5

6088d1ea779bbdc6fc4bc191f3acfc26
SHA1

0445bb132a54041472c7223935c3b481d2b8c737
SHA256

1c35ce79b7063725ac1b6a8e4f488f2281f6766231d9321a9cb568938fa21cc7
SHA512

44ea6baf0dc58341741d2f9019a5e9b6bfa1ba841271acfdfb7a463ce859b58ef783315e1dd3567f7fa047b55cd74a41716f88b9466394bf956180109b82392c

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 6 IoCs

Processes:

regsvr32.exeregsvr32.exe

description	pid	process	target process
PID 2548 wrote to memory of 2060	2548	regsvr32.exe	regsvr32.exe
PID 2548 wrote to memory of 2060	2548	regsvr32.exe	regsvr32.exe
PID 2548 wrote to memory of 2060	2548	regsvr32.exe	regsvr32.exe
PID 2060 wrote to memory of 708	2060	regsvr32.exe	rundll32.exe
PID 2060 wrote to memory of 708	2060	regsvr32.exe	rundll32.exe
PID 2060 wrote to memory of 708	2060	regsvr32.exe	rundll32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\1c35ce79b7063725ac1b6a8e4f488f2281f6766231d9321a9cb568938fa21cc7.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2548

C:\Windows\SysWOW64\regsvr32.exe
/s C:\Users\Admin\AppData\Local\Temp\1c35ce79b7063725ac1b6a8e4f488f2281f6766231d9321a9cb568938fa21cc7.dll
2⤵
- Suspicious use of WriteProcessMemory
PID:2060

C:\Windows\SysWOW64\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe "C:\Users\Admin\AppData\Local\Temp\1c35ce79b7063725ac1b6a8e4f488f2281f6766231d9321a9cb568938fa21cc7.dll",DllRegisterServer
3⤵
PID:708

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/708-118-0x0000000000000000-mapping.dmp

Download
memory/2060-115-0x0000000000000000-mapping.dmp

Download
memory/2060-117-0x0000000003095000-0x0000000003096000-memory.dmp

Filesize
4KB

Download