ce2eec92e6bb5a1aac43807328e039edb0f3a9b6c9c0f24996457ab43698dd35 | Triage

Analysis

max time kernel
117s
max time network
119s
platform
windows10_x64
resource
win10-en-20211208
submitted
15-01-2022 01:33

Sharing

Report Analysis Logs

General

Target

ce2eec92e6bb5a1aac43807328e039edb0f3a9b6c9c0f24996457ab43698dd35.dll
Size

574KB
MD5

ad76365fcae4f176d753164c1b8f25c8
SHA1

40099f243097f59b973774dfcbe87c969fc83308
SHA256

ce2eec92e6bb5a1aac43807328e039edb0f3a9b6c9c0f24996457ab43698dd35
SHA512

588047decd2ccdb75b4aee88ca9aec9d4ee3575e66ac42cc5fd963080d0b134385006199c4750e2d35a6008696281670d9ecb535d6844537c1541b705bd4f9fe

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 6 IoCs

Processes:

regsvr32.exeregsvr32.exe

description	pid	process	target process
PID 2848 wrote to memory of 2920	2848	regsvr32.exe	regsvr32.exe
PID 2848 wrote to memory of 2920	2848	regsvr32.exe	regsvr32.exe
PID 2848 wrote to memory of 2920	2848	regsvr32.exe	regsvr32.exe
PID 2920 wrote to memory of 1672	2920	regsvr32.exe	rundll32.exe
PID 2920 wrote to memory of 1672	2920	regsvr32.exe	rundll32.exe
PID 2920 wrote to memory of 1672	2920	regsvr32.exe	rundll32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\ce2eec92e6bb5a1aac43807328e039edb0f3a9b6c9c0f24996457ab43698dd35.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2848

C:\Windows\SysWOW64\regsvr32.exe
/s C:\Users\Admin\AppData\Local\Temp\ce2eec92e6bb5a1aac43807328e039edb0f3a9b6c9c0f24996457ab43698dd35.dll
2⤵
- Suspicious use of WriteProcessMemory
PID:2920

C:\Windows\SysWOW64\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe "C:\Users\Admin\AppData\Local\Temp\ce2eec92e6bb5a1aac43807328e039edb0f3a9b6c9c0f24996457ab43698dd35.dll",DllRegisterServer
3⤵
PID:1672

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1672-118-0x0000000000000000-mapping.dmp

Download
memory/2920-115-0x0000000000000000-mapping.dmp

Download
memory/2920-117-0x0000000000C45000-0x0000000000C46000-memory.dmp

Filesize
4KB

Download
memory/2920-116-0x0000000000C21000-0x0000000000C45000-memory.dmp

Filesize
144KB

Download