10488519709c55a8f5c686c998db4e6a0e1f0be67a0b324c18a46480a72daa4b
General
Target
Filesize
Completed
10488519709c55a8f5c686c998db4e6a0e1f0be67a0b324c18a46480a72daa4b.dll
574KB
15-01-2022 01:36
Score
1/10
MD5
SHA1
SHA256
d3b076f26ba5bce2057b08cf65f23a84
54cbb057fce1eabbb9d65e90e266c9ed9bdab451
10488519709c55a8f5c686c998db4e6a0e1f0be67a0b324c18a46480a72daa4b
Malware Config
Signatures 1
Filter: none
-
Suspicious use of WriteProcessMemoryregsvr32.exeregsvr32.exe
Reported IOCs
description pid process target process PID 2696 wrote to memory of 2700 2696 regsvr32.exe regsvr32.exe PID 2696 wrote to memory of 2700 2696 regsvr32.exe regsvr32.exe PID 2696 wrote to memory of 2700 2696 regsvr32.exe regsvr32.exe PID 2700 wrote to memory of 1580 2700 regsvr32.exe rundll32.exe PID 2700 wrote to memory of 1580 2700 regsvr32.exe rundll32.exe PID 2700 wrote to memory of 1580 2700 regsvr32.exe rundll32.exe
Processes 3
-
C:\Windows\system32\regsvr32.exePID:2696regsvr32 /s C:\Users\Admin\AppData\Local\Temp\10488519709c55a8f5c686c998db4e6a0e1f0be67a0b324c18a46480a72daa4b.dllSuspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\regsvr32.exePID:2700/s C:\Users\Admin\AppData\Local\Temp\10488519709c55a8f5c686c998db4e6a0e1f0be67a0b324c18a46480a72daa4b.dllSuspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exePID:1580C:\Windows\SysWOW64\rundll32.exe "C:\Users\Admin\AppData\Local\Temp\10488519709c55a8f5c686c998db4e6a0e1f0be67a0b324c18a46480a72daa4b.dll",DllRegisterServer
Network
MITRE ATT&CK Matrix
Collection
Command and Control
Credential Access
Defense Evasion
Discovery
Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Persistence
Privilege Escalation
Replay Monitor
00:00
00:00
Downloads
-
memory/1580-118-0x0000000000000000-mapping.dmp
-
memory/2700-115-0x0000000000000000-mapping.dmp
-
memory/2700-117-0x0000000004595000-0x0000000004596000-memory.dmp
-
memory/2700-116-0x0000000004571000-0x0000000004595000-memory.dmp
Title
Loading data