Analysis
- max time kernel: 121s
- max time network: 127s
- platform: windows10_x64
- resource: win10-en-20211208
- submitted: 15-01-2022 01:26
Static task: static1
Behavioral task: behavioral1
Sample: 91380e688d86e665195d1b9be37c15d89e7ca850943c548a9364539738e41c7f.dll
Resource: win10-en-20211208, windows10_x64
0 signatures
0 seconds
General
- Target: 91380e688d86e665195d1b9be37c15d89e7ca850943c548a9364539738e41c7f.dll
- Size: 574KB
- MD5: 2a43749002b52272b26d4f4986c45fe3
- SHA1: dc168491c935329d8c9e5fe58eaf3209b53fe716
- SHA256: 91380e688d86e665195d1b9be37c15d89e7ca850943c548a9364539738e41c7f
- SHA512: acac6792d938cdfbd9eba247b2018c49f45e4855ecca3b6db8673d844619996b768a0615a6f42153d45a5dbdd98658ff940ad3ec032964fba835280e64ddda6e
Score: 1/10
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (6 IoCs)
Processes: regsvr32.exe, regsvr32.exe

| description | pid | process | target process |
| --- | --- | --- | --- |
| PID 2832 wrote to memory of 3484 | 2832 | regsvr32.exe | regsvr32.exe |
| PID 2832 wrote to memory of 3484 | 2832 | regsvr32.exe | regsvr32.exe |
| PID 2832 wrote to memory of 3484 | 2832 | regsvr32.exe | regsvr32.exe |
| PID 3484 wrote to memory of 3524 | 3484 | regsvr32.exe | rundll32.exe |
| PID 3484 wrote to memory of 3524 | 3484 | regsvr32.exe | rundll32.exe |
| PID 3484 wrote to memory of 3524 | 3484 | regsvr32.exe | rundll32.exe |
Processes
- C:\Windows\system32\regsvr32.exe
  regsvr32 /s C:\Users\Admin\AppData\Local\Temp\91380e688d86e665195d1b9be37c15d89e7ca850943c548a9364539738e41c7f.dll
  - Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\regsvr32.exe
    /s C:\Users\Admin\AppData\Local\Temp\91380e688d86e665195d1b9be37c15d89e7ca850943c548a9364539738e41c7f.dll
    - Suspicious use of WriteProcessMemory
    - C:\Windows\SysWOW64\rundll32.exe
      C:\Windows\SysWOW64\rundll32.exe "C:\Users\Admin\AppData\Local\Temp\91380e688d86e665195d1b9be37c15d89e7ca850943c548a9364539738e41c7f.dll",DllRegisterServer