4dbf859d53096e65356805cfcdb0641b37895cc84a5437121018d13013e1ca8d
General
Target
Filesize
Completed
4dbf859d53096e65356805cfcdb0641b37895cc84a5437121018d13013e1ca8d.dll
574KB
15-01-2022 01:35
Score
1/10
MD5
SHA1
SHA256
bb2ff222921237a7da0d08d595f55eee
170544b7d312ce12f8d616541b6cbda9bbd0d415
4dbf859d53096e65356805cfcdb0641b37895cc84a5437121018d13013e1ca8d
Malware Config
Signatures 1
Filter: none
-
Suspicious use of WriteProcessMemoryregsvr32.exeregsvr32.exe
Reported IOCs
description pid process target process PID 3380 wrote to memory of 3756 3380 regsvr32.exe regsvr32.exe PID 3380 wrote to memory of 3756 3380 regsvr32.exe regsvr32.exe PID 3380 wrote to memory of 3756 3380 regsvr32.exe regsvr32.exe PID 3756 wrote to memory of 3652 3756 regsvr32.exe rundll32.exe PID 3756 wrote to memory of 3652 3756 regsvr32.exe rundll32.exe PID 3756 wrote to memory of 3652 3756 regsvr32.exe rundll32.exe
Processes 3
-
C:\Windows\system32\regsvr32.exePID:3380regsvr32 /s C:\Users\Admin\AppData\Local\Temp\4dbf859d53096e65356805cfcdb0641b37895cc84a5437121018d13013e1ca8d.dllSuspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\regsvr32.exePID:3756/s C:\Users\Admin\AppData\Local\Temp\4dbf859d53096e65356805cfcdb0641b37895cc84a5437121018d13013e1ca8d.dllSuspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exePID:3652C:\Windows\SysWOW64\rundll32.exe "C:\Users\Admin\AppData\Local\Temp\4dbf859d53096e65356805cfcdb0641b37895cc84a5437121018d13013e1ca8d.dll",DllRegisterServer
Network
MITRE ATT&CK Matrix
Collection
Command and Control
Credential Access
Defense Evasion
Discovery
Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Persistence
Privilege Escalation
Replay Monitor
00:00
00:00
Downloads
-
memory/3652-118-0x0000000000000000-mapping.dmp
-
memory/3756-115-0x0000000000000000-mapping.dmp
-
memory/3756-117-0x00000000033A5000-0x00000000033A6000-memory.dmp
Title
Loading data