63318c6e0fa7dafa128696d022a83f72967f89af94cb44311ec4e83abfba9044 | Triage

Analysis

max time kernel
117s
max time network
121s
platform
windows10_x64
resource
win10-en-20211208
submitted
15-01-2022 01:20

Sharing

Report Analysis Logs

General

Target

63318c6e0fa7dafa128696d022a83f72967f89af94cb44311ec4e83abfba9044.dll
Size

574KB
MD5

05cb1612e541a4bef3ccdec0c988b880
SHA1

89421b36dcae99c26797c1bbbeb194f485c36611
SHA256

63318c6e0fa7dafa128696d022a83f72967f89af94cb44311ec4e83abfba9044
SHA512

c97566e0142d94d33dfb07eee9de7e73c5abd6281cb2d70bb82cf6ed5678aafb7dbd3fb8c8172e5bc2eddf7463dd2aa088ed73515f186e06bcc6f98352f53dd9

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 6 IoCs

Processes:

regsvr32.exeregsvr32.exe

description	pid	process	target process
PID 3068 wrote to memory of 3160	3068	regsvr32.exe	regsvr32.exe
PID 3068 wrote to memory of 3160	3068	regsvr32.exe	regsvr32.exe
PID 3068 wrote to memory of 3160	3068	regsvr32.exe	regsvr32.exe
PID 3160 wrote to memory of 2588	3160	regsvr32.exe	rundll32.exe
PID 3160 wrote to memory of 2588	3160	regsvr32.exe	rundll32.exe
PID 3160 wrote to memory of 2588	3160	regsvr32.exe	rundll32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\63318c6e0fa7dafa128696d022a83f72967f89af94cb44311ec4e83abfba9044.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:3068

C:\Windows\SysWOW64\regsvr32.exe
/s C:\Users\Admin\AppData\Local\Temp\63318c6e0fa7dafa128696d022a83f72967f89af94cb44311ec4e83abfba9044.dll
2⤵
- Suspicious use of WriteProcessMemory
PID:3160

C:\Windows\SysWOW64\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe "C:\Users\Admin\AppData\Local\Temp\63318c6e0fa7dafa128696d022a83f72967f89af94cb44311ec4e83abfba9044.dll",DllRegisterServer
3⤵
PID:2588

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2588-118-0x0000000000000000-mapping.dmp

Download
memory/3160-115-0x0000000000000000-mapping.dmp

Download
memory/3160-117-0x00000000009C5000-0x00000000009C6000-memory.dmp

Filesize
4KB

Download
memory/3160-116-0x00000000009A1000-0x00000000009C5000-memory.dmp

Filesize
144KB

Download