0c2500014d71e48e6d8a8f654f3612bee51d5b34263c6bff2cbc55fbc6df1668 | Triage

Analysis

max time kernel
117s
max time network
122s
platform
windows10_x64
resource
win10-en-20211208
submitted
15-01-2022 01:26

Sharing

Report Analysis Logs

General

Target

0c2500014d71e48e6d8a8f654f3612bee51d5b34263c6bff2cbc55fbc6df1668.dll
Size

574KB
MD5

6268f0c7328ce9fe6028fb56a4a84148
SHA1

98187027a59b7329bbceab1776b4164e073951fa
SHA256

0c2500014d71e48e6d8a8f654f3612bee51d5b34263c6bff2cbc55fbc6df1668
SHA512

0eb4a8e024861ff60e291844c6cc1e38970b48b8519ee4b1aa03b7db5b783f36e84da32c7b009b9651b484b9aaea0832e104576c09ecf95cabcd7406258b5fa8

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 6 IoCs

Processes:

regsvr32.exeregsvr32.exe

description	pid	process	target process
PID 3664 wrote to memory of 552	3664	regsvr32.exe	regsvr32.exe
PID 3664 wrote to memory of 552	3664	regsvr32.exe	regsvr32.exe
PID 3664 wrote to memory of 552	3664	regsvr32.exe	regsvr32.exe
PID 552 wrote to memory of 1208	552	regsvr32.exe	rundll32.exe
PID 552 wrote to memory of 1208	552	regsvr32.exe	rundll32.exe
PID 552 wrote to memory of 1208	552	regsvr32.exe	rundll32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\0c2500014d71e48e6d8a8f654f3612bee51d5b34263c6bff2cbc55fbc6df1668.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:3664

C:\Windows\SysWOW64\regsvr32.exe
/s C:\Users\Admin\AppData\Local\Temp\0c2500014d71e48e6d8a8f654f3612bee51d5b34263c6bff2cbc55fbc6df1668.dll
2⤵
- Suspicious use of WriteProcessMemory
PID:552

C:\Windows\SysWOW64\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe "C:\Users\Admin\AppData\Local\Temp\0c2500014d71e48e6d8a8f654f3612bee51d5b34263c6bff2cbc55fbc6df1668.dll",DllRegisterServer
3⤵
PID:1208

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/552-115-0x0000000000000000-mapping.dmp

Download
memory/552-117-0x0000000002BE5000-0x0000000002BE6000-memory.dmp

Filesize
4KB

Download
memory/552-116-0x0000000002BC1000-0x0000000002BE5000-memory.dmp

Filesize
144KB

Download
memory/1208-118-0x0000000000000000-mapping.dmp

Download