Analysis
- max time kernel: 120s
- max time network: 120s
- platform: windows10_x64
- resource: win10-en-20211208
- submitted: 15-01-2022 01:33
Static task: static1
Behavioral task: behavioral1
Sample: 4dbf859d53096e65356805cfcdb0641b37895cc84a5437121018d13013e1ca8d.dll
Resource: win10-en-20211208, windows10_x64
0 signatures
0 seconds
General
- Target: 4dbf859d53096e65356805cfcdb0641b37895cc84a5437121018d13013e1ca8d.dll
- Size: 574KB
- MD5: bb2ff222921237a7da0d08d595f55eee
- SHA1: 170544b7d312ce12f8d616541b6cbda9bbd0d415
- SHA256: 4dbf859d53096e65356805cfcdb0641b37895cc84a5437121018d13013e1ca8d
- SHA512: 3cb215ac1eb1c1f4621cba6218b97a80c8f491684ef0a667174eee4f08b72920735f990958b437dbf9be824ad9767892ad73662c38d47a73202e242904252c0b
Score: 1/10
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (6 IoCs)
Processes: regsvr32.exe, regsvr32.exe
description | pid | process | target process
PID 3380 wrote to memory of 3756 | 3380 | regsvr32.exe | regsvr32.exe
PID 3380 wrote to memory of 3756 | 3380 | regsvr32.exe | regsvr32.exe
PID 3380 wrote to memory of 3756 | 3380 | regsvr32.exe | regsvr32.exe
PID 3756 wrote to memory of 3652 | 3756 | regsvr32.exe | rundll32.exe
PID 3756 wrote to memory of 3652 | 3756 | regsvr32.exe | rundll32.exe
PID 3756 wrote to memory of 3652 | 3756 | regsvr32.exe | rundll32.exe
Processes
- C:\Windows\system32\regsvr32.exe
  regsvr32 /s C:\Users\Admin\AppData\Local\Temp\4dbf859d53096e65356805cfcdb0641b37895cc84a5437121018d13013e1ca8d.dll
  - Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\regsvr32.exe
    /s C:\Users\Admin\AppData\Local\Temp\4dbf859d53096e65356805cfcdb0641b37895cc84a5437121018d13013e1ca8d.dll
    - Suspicious use of WriteProcessMemory
    - C:\Windows\SysWOW64\rundll32.exe
      C:\Windows\SysWOW64\rundll32.exe "C:\Users\Admin\AppData\Local\Temp\4dbf859d53096e65356805cfcdb0641b37895cc84a5437121018d13013e1ca8d.dll",DllRegisterServer