f01b08185494291739a4962b94e18ee32695bb2cf34d23a8d8ac6bd03eb5dbe1 | Triage

Analysis

max time kernel
122s
max time network
126s
platform
windows10_x64
resource
win10-en-20211208
submitted
15-01-2022 01:20

Sharing

Report Analysis Logs

General

Target

f01b08185494291739a4962b94e18ee32695bb2cf34d23a8d8ac6bd03eb5dbe1.dll
Size

574KB
MD5

f9b2203dd6c6a463b62141422af2bbdf
SHA1

0718ed08ce31777e4535435743c7f49f867556da
SHA256

f01b08185494291739a4962b94e18ee32695bb2cf34d23a8d8ac6bd03eb5dbe1
SHA512

a19960783408410e82daa59c31bbbd6654475c92740335677c02a0db301f03d16b67fe3b09511f6972a930dc64d611f5194660f049db5dc9eb560a899231e173

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 6 IoCs

Processes:

regsvr32.exeregsvr32.exe

description	pid	process	target process
PID 3668 wrote to memory of 3724	3668	regsvr32.exe	regsvr32.exe
PID 3668 wrote to memory of 3724	3668	regsvr32.exe	regsvr32.exe
PID 3668 wrote to memory of 3724	3668	regsvr32.exe	regsvr32.exe
PID 3724 wrote to memory of 4100	3724	regsvr32.exe	rundll32.exe
PID 3724 wrote to memory of 4100	3724	regsvr32.exe	rundll32.exe
PID 3724 wrote to memory of 4100	3724	regsvr32.exe	rundll32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\f01b08185494291739a4962b94e18ee32695bb2cf34d23a8d8ac6bd03eb5dbe1.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:3668

C:\Windows\SysWOW64\regsvr32.exe
/s C:\Users\Admin\AppData\Local\Temp\f01b08185494291739a4962b94e18ee32695bb2cf34d23a8d8ac6bd03eb5dbe1.dll
2⤵
- Suspicious use of WriteProcessMemory
PID:3724

C:\Windows\SysWOW64\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe "C:\Users\Admin\AppData\Local\Temp\f01b08185494291739a4962b94e18ee32695bb2cf34d23a8d8ac6bd03eb5dbe1.dll",DllRegisterServer
3⤵
PID:4100

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3724-118-0x0000000000000000-mapping.dmp

Download
memory/3724-119-0x0000000000961000-0x0000000000985000-memory.dmp

Filesize
144KB

Download
memory/3724-120-0x0000000000985000-0x0000000000986000-memory.dmp

Filesize
4KB

Download
memory/4100-121-0x0000000000000000-mapping.dmp

Download