9c9dee48f5f838f80332f636398f84fd9a980caf2af28b5da2aa471d04b96203
General
Target
Filesize
Completed
9c9dee48f5f838f80332f636398f84fd9a980caf2af28b5da2aa471d04b96203.dll
574KB
15-01-2022 01:28
Score
1/10
MD5
SHA1
SHA256
2c51ede92ceebd6403fbd45cc52ef403
e88068e0ed4730e87533666f12bbbb13427fd182
9c9dee48f5f838f80332f636398f84fd9a980caf2af28b5da2aa471d04b96203
Malware Config
Signatures 1
Filter: none
-
Suspicious use of WriteProcessMemoryregsvr32.exeregsvr32.exe
Reported IOCs
description pid process target process PID 2632 wrote to memory of 3052 2632 regsvr32.exe regsvr32.exe PID 2632 wrote to memory of 3052 2632 regsvr32.exe regsvr32.exe PID 2632 wrote to memory of 3052 2632 regsvr32.exe regsvr32.exe PID 3052 wrote to memory of 3580 3052 regsvr32.exe rundll32.exe PID 3052 wrote to memory of 3580 3052 regsvr32.exe rundll32.exe PID 3052 wrote to memory of 3580 3052 regsvr32.exe rundll32.exe
Processes 3
-
C:\Windows\system32\regsvr32.exePID:2632regsvr32 /s C:\Users\Admin\AppData\Local\Temp\9c9dee48f5f838f80332f636398f84fd9a980caf2af28b5da2aa471d04b96203.dllSuspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\regsvr32.exePID:3052/s C:\Users\Admin\AppData\Local\Temp\9c9dee48f5f838f80332f636398f84fd9a980caf2af28b5da2aa471d04b96203.dllSuspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exePID:3580C:\Windows\SysWOW64\rundll32.exe "C:\Users\Admin\AppData\Local\Temp\9c9dee48f5f838f80332f636398f84fd9a980caf2af28b5da2aa471d04b96203.dll",DllRegisterServer
Network
MITRE ATT&CK Matrix
Collection
Command and Control
Credential Access
Defense Evasion
Discovery
Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Persistence
Privilege Escalation
Replay Monitor
00:00
00:00
Downloads
-
memory/3052-118-0x0000000000000000-mapping.dmp
-
memory/3052-119-0x0000000004491000-0x00000000044B5000-memory.dmp
-
memory/3052-120-0x00000000044B5000-0x00000000044B6000-memory.dmp
-
memory/3580-121-0x0000000000000000-mapping.dmp
Title
Loading data