Analysis
max time kernel: 110s
max time network: 125s
platform: windows10_x64
resource: win10-en-20211208
submitted: 15-01-2022 01:33
Static task: static1
Behavioral task: behavioral1
Sample: 0e942398f9eec4c90e3b83ae76511f3114eb7e8ddf4e0968618aa07f5c83aff1.dll
Resource: win10-en-20211208, windows10_x64
0 signatures
0 seconds
General
Target: 0e942398f9eec4c90e3b83ae76511f3114eb7e8ddf4e0968618aa07f5c83aff1.dll
Size: 574KB
MD5: fb674822bacec86e7bb20e2b70bdff66
SHA1: f537b4dd988b92366538e140c25aff200fa86188
SHA256: 0e942398f9eec4c90e3b83ae76511f3114eb7e8ddf4e0968618aa07f5c83aff1
SHA512: 3637663099da11a15225976134952ec7e265933814588ba3f51366b99cff58be008ea514607d6634a7600de499f5640ccf5d665daefd76fe6dc15f4754327100
Score: 1/10
Malware Config
Signatures
Suspicious use of WriteProcessMemory (6 IoCs)
Processes: regsvr32.exe, regsvr32.exe
description                        pid    process        target process
PID 2736 wrote to memory of 3012   2736   regsvr32.exe   regsvr32.exe
PID 2736 wrote to memory of 3012   2736   regsvr32.exe   regsvr32.exe
PID 2736 wrote to memory of 3012   2736   regsvr32.exe   regsvr32.exe
PID 3012 wrote to memory of 3032   3012   regsvr32.exe   rundll32.exe
PID 3012 wrote to memory of 3032   3012   regsvr32.exe   rundll32.exe
PID 3012 wrote to memory of 3032   3012   regsvr32.exe   rundll32.exe
Processes
1. C:\Windows\system32\regsvr32.exe
   Command line: regsvr32 /s C:\Users\Admin\AppData\Local\Temp\0e942398f9eec4c90e3b83ae76511f3114eb7e8ddf4e0968618aa07f5c83aff1.dll
   - Suspicious use of WriteProcessMemory
   2. C:\Windows\SysWOW64\regsvr32.exe
      Command line: /s C:\Users\Admin\AppData\Local\Temp\0e942398f9eec4c90e3b83ae76511f3114eb7e8ddf4e0968618aa07f5c83aff1.dll
      - Suspicious use of WriteProcessMemory
      3. C:\Windows\SysWOW64\rundll32.exe
         Command line: C:\Windows\SysWOW64\rundll32.exe "C:\Users\Admin\AppData\Local\Temp\0e942398f9eec4c90e3b83ae76511f3114eb7e8ddf4e0968618aa07f5c83aff1.dll",DllRegisterServer