10488519709c55a8f5c686c998db4e6a0e1f0be67a0b324c18a46480a72daa4b | Triage

Analysis

max time kernel
118s
max time network
121s
platform
windows10_x64
resource
win10-en-20211208
submitted
15-01-2022 01:34

Sharing

Report Analysis Logs

General

Target

10488519709c55a8f5c686c998db4e6a0e1f0be67a0b324c18a46480a72daa4b.dll
Size

574KB
MD5

d3b076f26ba5bce2057b08cf65f23a84
SHA1

54cbb057fce1eabbb9d65e90e266c9ed9bdab451
SHA256

10488519709c55a8f5c686c998db4e6a0e1f0be67a0b324c18a46480a72daa4b
SHA512

8c678b29afa1d37f26d9fc432a10a0f2c2f2994489197e591fccfa8abcf3da92d7c6f4238103500a98d3fd7ab18c16224a050fe5f5213bac1cb366d974577d1a

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 6 IoCs

Processes:

regsvr32.exeregsvr32.exe

description	pid	process	target process
PID 2696 wrote to memory of 2700	2696	regsvr32.exe	regsvr32.exe
PID 2696 wrote to memory of 2700	2696	regsvr32.exe	regsvr32.exe
PID 2696 wrote to memory of 2700	2696	regsvr32.exe	regsvr32.exe
PID 2700 wrote to memory of 1580	2700	regsvr32.exe	rundll32.exe
PID 2700 wrote to memory of 1580	2700	regsvr32.exe	rundll32.exe
PID 2700 wrote to memory of 1580	2700	regsvr32.exe	rundll32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\10488519709c55a8f5c686c998db4e6a0e1f0be67a0b324c18a46480a72daa4b.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2696

C:\Windows\SysWOW64\regsvr32.exe
/s C:\Users\Admin\AppData\Local\Temp\10488519709c55a8f5c686c998db4e6a0e1f0be67a0b324c18a46480a72daa4b.dll
2⤵
- Suspicious use of WriteProcessMemory
PID:2700

C:\Windows\SysWOW64\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe "C:\Users\Admin\AppData\Local\Temp\10488519709c55a8f5c686c998db4e6a0e1f0be67a0b324c18a46480a72daa4b.dll",DllRegisterServer
3⤵
PID:1580

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1580-118-0x0000000000000000-mapping.dmp

Download
memory/2700-115-0x0000000000000000-mapping.dmp

Download
memory/2700-117-0x0000000004595000-0x0000000004596000-memory.dmp

Filesize
4KB

Download
memory/2700-116-0x0000000004571000-0x0000000004595000-memory.dmp

Filesize
144KB

Download