3c48288be65b2a6005b3aeeb423860e73d40755e630877c7782fd7c700fcef79 | Triage

Analysis

max time kernel
121s
max time network
125s
platform
windows10_x64
resource
win10-en-20211208
submitted
15-01-2022 01:34

Sharing

Report Analysis Logs

General

Target

3c48288be65b2a6005b3aeeb423860e73d40755e630877c7782fd7c700fcef79.dll
Size

574KB
MD5

c50fdbb6f82cfbb512540befbbe126f9
SHA1

18f78dd9ecdc8f6341e8380cf02da335d3ac5ef0
SHA256

3c48288be65b2a6005b3aeeb423860e73d40755e630877c7782fd7c700fcef79
SHA512

c70745ab109d6b897c6be6096ec4743b5153052c8cbcfe0fbc5103cb968d0076308e81c9f2fe6cc8270338e985dca45dea087edde6b9d778ca3b42d73b8b2185

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 6 IoCs

Processes:

regsvr32.exeregsvr32.exe

description	pid	process	target process
PID 3600 wrote to memory of 3712	3600	regsvr32.exe	regsvr32.exe
PID 3600 wrote to memory of 3712	3600	regsvr32.exe	regsvr32.exe
PID 3600 wrote to memory of 3712	3600	regsvr32.exe	regsvr32.exe
PID 3712 wrote to memory of 2464	3712	regsvr32.exe	rundll32.exe
PID 3712 wrote to memory of 2464	3712	regsvr32.exe	rundll32.exe
PID 3712 wrote to memory of 2464	3712	regsvr32.exe	rundll32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\3c48288be65b2a6005b3aeeb423860e73d40755e630877c7782fd7c700fcef79.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:3600

C:\Windows\SysWOW64\regsvr32.exe
/s C:\Users\Admin\AppData\Local\Temp\3c48288be65b2a6005b3aeeb423860e73d40755e630877c7782fd7c700fcef79.dll
2⤵
- Suspicious use of WriteProcessMemory
PID:3712

C:\Windows\SysWOW64\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe "C:\Users\Admin\AppData\Local\Temp\3c48288be65b2a6005b3aeeb423860e73d40755e630877c7782fd7c700fcef79.dll",DllRegisterServer
3⤵
PID:2464

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2464-118-0x0000000000000000-mapping.dmp

Download
memory/3712-115-0x0000000000000000-mapping.dmp

Download
memory/3712-117-0x0000000004715000-0x0000000004716000-memory.dmp

Filesize
4KB

Download
memory/3712-116-0x00000000046F1000-0x0000000004715000-memory.dmp

Filesize
144KB

Download