Analysis
- max time kernel: 123s
- max time network: 122s
- platform: windows10_x64
- resource: win10-en-20211208
- submitted: 15-01-2022 01:26
Static task: static1
Behavioral task: behavioral1
- Sample: 3dc890f3f8e44a5179d55505f8d4fdf4ea7b37e1f436ff976c3adb4de062b5ec.dll
- Resource: win10-en-20211208 (windows10_x64)
0 signatures
0 seconds
General
- Target: 3dc890f3f8e44a5179d55505f8d4fdf4ea7b37e1f436ff976c3adb4de062b5ec.dll
- Size: 574KB
- MD5: 780299f164165617e176447866b16aba
- SHA1: af32338b667d01b66759c74ff3673b7f9da54770
- SHA256: 3dc890f3f8e44a5179d55505f8d4fdf4ea7b37e1f436ff976c3adb4de062b5ec
- SHA512: 433967d00c6613bed91e910d7006bdbd7f626cf630075448cb8299e86c3074653757167ca1a52857abfff0f76df801660ec13518758e2354aaa43b529dd807f4
Score: 1/10
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (6 IoCs)
Processes: regsvr32.exe, regsvr32.exe
description | pid | process | target process
PID 3068 wrote to memory of 3140 | 3068 | regsvr32.exe | regsvr32.exe
PID 3068 wrote to memory of 3140 | 3068 | regsvr32.exe | regsvr32.exe
PID 3068 wrote to memory of 3140 | 3068 | regsvr32.exe | regsvr32.exe
PID 3140 wrote to memory of 3800 | 3140 | regsvr32.exe | rundll32.exe
PID 3140 wrote to memory of 3800 | 3140 | regsvr32.exe | rundll32.exe
PID 3140 wrote to memory of 3800 | 3140 | regsvr32.exe | rundll32.exe
Processes
- C:\Windows\system32\regsvr32.exe
  Command line: regsvr32 /s C:\Users\Admin\AppData\Local\Temp\3dc890f3f8e44a5179d55505f8d4fdf4ea7b37e1f436ff976c3adb4de062b5ec.dll
  - Suspicious use of WriteProcessMemory
- C:\Windows\SysWOW64\regsvr32.exe
  Command line: /s C:\Users\Admin\AppData\Local\Temp\3dc890f3f8e44a5179d55505f8d4fdf4ea7b37e1f436ff976c3adb4de062b5ec.dll
  - Suspicious use of WriteProcessMemory
- C:\Windows\SysWOW64\rundll32.exe
  Command line: C:\Windows\SysWOW64\rundll32.exe "C:\Users\Admin\AppData\Local\Temp\3dc890f3f8e44a5179d55505f8d4fdf4ea7b37e1f436ff976c3adb4de062b5ec.dll",DllRegisterServer