4b13c6d7203a13c8178194412560869500dc47b24c8d9bf84356ac47b5c698d2 | Triage

Analysis

max time kernel
117s
max time network
120s
platform
windows10_x64
resource
win10-en-20211208
submitted
15-01-2022 01:26

Sharing

Report Analysis Logs

General

Target

4b13c6d7203a13c8178194412560869500dc47b24c8d9bf84356ac47b5c698d2.dll
Size

574KB
MD5

fc4b3f10da777483d8aa4bfbd8b789fa
SHA1

98fd6c84b23d1fd3370d94abc092d35adca28f48
SHA256

4b13c6d7203a13c8178194412560869500dc47b24c8d9bf84356ac47b5c698d2
SHA512

3160327e3f4990f68225b2fd8963a8b90c42559d164ac6eefa661eb7a9854910e34deb225bbbbc7df6a8086c9e252c065e0083ec4701f45e3d0ece9463dd3e1d

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 6 IoCs

Processes:

regsvr32.exeregsvr32.exe

description	pid	process	target process
PID 2724 wrote to memory of 3064	2724	regsvr32.exe	regsvr32.exe
PID 2724 wrote to memory of 3064	2724	regsvr32.exe	regsvr32.exe
PID 2724 wrote to memory of 3064	2724	regsvr32.exe	regsvr32.exe
PID 3064 wrote to memory of 2444	3064	regsvr32.exe	rundll32.exe
PID 3064 wrote to memory of 2444	3064	regsvr32.exe	rundll32.exe
PID 3064 wrote to memory of 2444	3064	regsvr32.exe	rundll32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\4b13c6d7203a13c8178194412560869500dc47b24c8d9bf84356ac47b5c698d2.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2724

C:\Windows\SysWOW64\regsvr32.exe
/s C:\Users\Admin\AppData\Local\Temp\4b13c6d7203a13c8178194412560869500dc47b24c8d9bf84356ac47b5c698d2.dll
2⤵
- Suspicious use of WriteProcessMemory
PID:3064

C:\Windows\SysWOW64\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe "C:\Users\Admin\AppData\Local\Temp\4b13c6d7203a13c8178194412560869500dc47b24c8d9bf84356ac47b5c698d2.dll",DllRegisterServer
3⤵
PID:2444

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2444-118-0x0000000000000000-mapping.dmp

Download
memory/3064-115-0x0000000000000000-mapping.dmp

Download
memory/3064-117-0x00000000007B5000-0x00000000007B6000-memory.dmp

Filesize
4KB

Download
memory/3064-116-0x0000000000791000-0x00000000007B5000-memory.dmp

Filesize
144KB

Download