a03b25353700f3ecc19939dc46dfd6159305b948c5310d45651d4f8d43e61a6c | Triage

Analysis

max time kernel
119s
max time network
122s
platform
windows10_x64
resource
win10-en-20211208
submitted
15-01-2022 01:33

Sharing

Report Analysis Logs

General

Target

a03b25353700f3ecc19939dc46dfd6159305b948c5310d45651d4f8d43e61a6c.dll
Size

574KB
MD5

49fb3af1616cb22dbf5c304199e6a03c
SHA1

a51ff58fc4471e9557f27642eeb87ebf6b2c9983
SHA256

a03b25353700f3ecc19939dc46dfd6159305b948c5310d45651d4f8d43e61a6c
SHA512

1317617d903e87850b8d04c4c8962e118524b08be225ca4ff20f29eea22063b0f7d5b8b0d8485485d26cabcf3a2d9d8313aecb0a88d67828ab9c8a7943226dfe

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 6 IoCs

Processes:

regsvr32.exeregsvr32.exe

description	pid	process	target process
PID 668 wrote to memory of 2888	668	regsvr32.exe	regsvr32.exe
PID 668 wrote to memory of 2888	668	regsvr32.exe	regsvr32.exe
PID 668 wrote to memory of 2888	668	regsvr32.exe	regsvr32.exe
PID 2888 wrote to memory of 780	2888	regsvr32.exe	rundll32.exe
PID 2888 wrote to memory of 780	2888	regsvr32.exe	rundll32.exe
PID 2888 wrote to memory of 780	2888	regsvr32.exe	rundll32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\a03b25353700f3ecc19939dc46dfd6159305b948c5310d45651d4f8d43e61a6c.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:668

C:\Windows\SysWOW64\regsvr32.exe
/s C:\Users\Admin\AppData\Local\Temp\a03b25353700f3ecc19939dc46dfd6159305b948c5310d45651d4f8d43e61a6c.dll
2⤵
- Suspicious use of WriteProcessMemory
PID:2888

C:\Windows\SysWOW64\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe "C:\Users\Admin\AppData\Local\Temp\a03b25353700f3ecc19939dc46dfd6159305b948c5310d45651d4f8d43e61a6c.dll",DllRegisterServer
3⤵
PID:780

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/780-118-0x0000000000000000-mapping.dmp

Download
memory/2888-115-0x0000000000000000-mapping.dmp

Download
memory/2888-117-0x0000000004D45000-0x0000000004D46000-memory.dmp

Filesize
4KB

Download
memory/2888-116-0x0000000004D21000-0x0000000004D45000-memory.dmp

Filesize
144KB

Download