Analysis
max time kernel: 119s
max time network: 122s
platform: windows10_x64
resource: win10-en-20211208
submitted: 15-01-2022 01:55
Static task
static1
Behavioral task
behavioral1
Sample
c5a00cc2c6d99df4b73033d0b525166ac372c4f5604f1620a3ee8b25a9c1c7cc.dll
Resource
win10-en-20211208
windows10_x64
0 signatures
0 seconds
General
Target: c5a00cc2c6d99df4b73033d0b525166ac372c4f5604f1620a3ee8b25a9c1c7cc.dll
Size: 574KB
MD5: a9044a219a8d9334411139723c8d3bd7
SHA1: cdff52db1788e57eab130de32f8ac13dc4b5fed5
SHA256: c5a00cc2c6d99df4b73033d0b525166ac372c4f5604f1620a3ee8b25a9c1c7cc
SHA512: 36a740394b3db81e881a785e89c0b35a6b106020128a9b76375323812397af3d5098b1d0f5830240b0554780b05ac03558f7eb05ffecaef771afbd871684496f
Score
1/10
Malware Config
Signatures
Suspicious use of WriteProcessMemory (6 IoCs)
Processes: regsvr32.exe, regsvr32.exe
description | pid | process | target process
PID 2648 wrote to memory of 2680 | 2648 | regsvr32.exe | regsvr32.exe
PID 2648 wrote to memory of 2680 | 2648 | regsvr32.exe | regsvr32.exe
PID 2648 wrote to memory of 2680 | 2648 | regsvr32.exe | regsvr32.exe
PID 2680 wrote to memory of 3784 | 2680 | regsvr32.exe | rundll32.exe
PID 2680 wrote to memory of 3784 | 2680 | regsvr32.exe | rundll32.exe
PID 2680 wrote to memory of 3784 | 2680 | regsvr32.exe | rundll32.exe
Processes
C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\c5a00cc2c6d99df4b73033d0b525166ac372c4f5604f1620a3ee8b25a9c1c7cc.dll
- Suspicious use of WriteProcessMemory
  C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\c5a00cc2c6d99df4b73033d0b525166ac372c4f5604f1620a3ee8b25a9c1c7cc.dll
  - Suspicious use of WriteProcessMemory
    C:\Windows\SysWOW64\rundll32.exe
    C:\Windows\SysWOW64\rundll32.exe "C:\Users\Admin\AppData\Local\Temp\c5a00cc2c6d99df4b73033d0b525166ac372c4f5604f1620a3ee8b25a9c1c7cc.dll",DllRegisterServer