3dc890f3f8e44a5179d55505f8d4fdf4ea7b37e1f436ff976c3adb4de062b5ec | Triage

Analysis

max time kernel
123s
max time network
122s
platform
windows10_x64
resource
win10-en-20211208
submitted
15-01-2022 01:26

Sharing

Report Analysis Logs

General

Target

3dc890f3f8e44a5179d55505f8d4fdf4ea7b37e1f436ff976c3adb4de062b5ec.dll
Size

574KB
MD5

780299f164165617e176447866b16aba
SHA1

af32338b667d01b66759c74ff3673b7f9da54770
SHA256

3dc890f3f8e44a5179d55505f8d4fdf4ea7b37e1f436ff976c3adb4de062b5ec
SHA512

433967d00c6613bed91e910d7006bdbd7f626cf630075448cb8299e86c3074653757167ca1a52857abfff0f76df801660ec13518758e2354aaa43b529dd807f4

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 6 IoCs

Processes:

regsvr32.exeregsvr32.exe

description	pid	process	target process
PID 3068 wrote to memory of 3140	3068	regsvr32.exe	regsvr32.exe
PID 3068 wrote to memory of 3140	3068	regsvr32.exe	regsvr32.exe
PID 3068 wrote to memory of 3140	3068	regsvr32.exe	regsvr32.exe
PID 3140 wrote to memory of 3800	3140	regsvr32.exe	rundll32.exe
PID 3140 wrote to memory of 3800	3140	regsvr32.exe	rundll32.exe
PID 3140 wrote to memory of 3800	3140	regsvr32.exe	rundll32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\3dc890f3f8e44a5179d55505f8d4fdf4ea7b37e1f436ff976c3adb4de062b5ec.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:3068

C:\Windows\SysWOW64\regsvr32.exe
/s C:\Users\Admin\AppData\Local\Temp\3dc890f3f8e44a5179d55505f8d4fdf4ea7b37e1f436ff976c3adb4de062b5ec.dll
2⤵
- Suspicious use of WriteProcessMemory
PID:3140

C:\Windows\SysWOW64\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe "C:\Users\Admin\AppData\Local\Temp\3dc890f3f8e44a5179d55505f8d4fdf4ea7b37e1f436ff976c3adb4de062b5ec.dll",DllRegisterServer
3⤵
PID:3800

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3140-118-0x0000000000000000-mapping.dmp

Download
memory/3140-120-0x0000000000975000-0x0000000000976000-memory.dmp

Filesize
4KB

Download
memory/3140-119-0x0000000000951000-0x0000000000975000-memory.dmp

Filesize
144KB

Download
memory/3800-121-0x0000000000000000-mapping.dmp

Download