3142ebf28b4c68d271349c6052cac58f456121abf9b6c1a18f996940366d43fe | Triage

Analysis

max time kernel
62s
max time network
112s
platform
windows10_x64
resource
win10-en-20211208
submitted
15-01-2022 01:55

Sharing

Report Analysis Logs

General

Target

3142ebf28b4c68d271349c6052cac58f456121abf9b6c1a18f996940366d43fe.dll
Size

574KB
MD5

5266b08823400456a8f6e80121e2342f
SHA1

6c87d9185e91c6e0c7dab53dd524d18eab4eb8b4
SHA256

3142ebf28b4c68d271349c6052cac58f456121abf9b6c1a18f996940366d43fe
SHA512

d95aebb568c4cb7585ee94dfe0966eaa9665b2f83ec4e0045e5622faa21c2d723450154f69207ca92bb1e76e6d098eae3e6785ad3bb9a7326d6cf15fb60f7d52

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 6 IoCs

Processes:

regsvr32.exeregsvr32.exe

description	pid	process	target process
PID 2784 wrote to memory of 3552	2784	regsvr32.exe	regsvr32.exe
PID 2784 wrote to memory of 3552	2784	regsvr32.exe	regsvr32.exe
PID 2784 wrote to memory of 3552	2784	regsvr32.exe	regsvr32.exe
PID 3552 wrote to memory of 3976	3552	regsvr32.exe	rundll32.exe
PID 3552 wrote to memory of 3976	3552	regsvr32.exe	rundll32.exe
PID 3552 wrote to memory of 3976	3552	regsvr32.exe	rundll32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\3142ebf28b4c68d271349c6052cac58f456121abf9b6c1a18f996940366d43fe.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2784

C:\Windows\SysWOW64\regsvr32.exe
/s C:\Users\Admin\AppData\Local\Temp\3142ebf28b4c68d271349c6052cac58f456121abf9b6c1a18f996940366d43fe.dll
2⤵
- Suspicious use of WriteProcessMemory
PID:3552

C:\Windows\SysWOW64\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe "C:\Users\Admin\AppData\Local\Temp\3142ebf28b4c68d271349c6052cac58f456121abf9b6c1a18f996940366d43fe.dll",DllRegisterServer
3⤵
PID:3976

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3552-115-0x0000000000000000-mapping.dmp

Download
memory/3552-116-0x0000000000D41000-0x0000000000D65000-memory.dmp

Filesize
144KB

Download
memory/3552-117-0x0000000000D65000-0x0000000000D66000-memory.dmp

Filesize
4KB

Download
memory/3976-118-0x0000000000000000-mapping.dmp

Download