c5a00cc2c6d99df4b73033d0b525166ac372c4f5604f1620a3ee8b25a9c1c7cc | Triage

Analysis

max time kernel
119s
max time network
122s
platform
windows10_x64
resource
win10-en-20211208
submitted
15-01-2022 01:55

Sharing

Report Analysis Logs

General

Target

c5a00cc2c6d99df4b73033d0b525166ac372c4f5604f1620a3ee8b25a9c1c7cc.dll
Size

574KB
MD5

a9044a219a8d9334411139723c8d3bd7
SHA1

cdff52db1788e57eab130de32f8ac13dc4b5fed5
SHA256

c5a00cc2c6d99df4b73033d0b525166ac372c4f5604f1620a3ee8b25a9c1c7cc
SHA512

36a740394b3db81e881a785e89c0b35a6b106020128a9b76375323812397af3d5098b1d0f5830240b0554780b05ac03558f7eb05ffecaef771afbd871684496f

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 6 IoCs

Processes:

regsvr32.exeregsvr32.exe

description	pid	process	target process
PID 2648 wrote to memory of 2680	2648	regsvr32.exe	regsvr32.exe
PID 2648 wrote to memory of 2680	2648	regsvr32.exe	regsvr32.exe
PID 2648 wrote to memory of 2680	2648	regsvr32.exe	regsvr32.exe
PID 2680 wrote to memory of 3784	2680	regsvr32.exe	rundll32.exe
PID 2680 wrote to memory of 3784	2680	regsvr32.exe	rundll32.exe
PID 2680 wrote to memory of 3784	2680	regsvr32.exe	rundll32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\c5a00cc2c6d99df4b73033d0b525166ac372c4f5604f1620a3ee8b25a9c1c7cc.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2648

C:\Windows\SysWOW64\regsvr32.exe
/s C:\Users\Admin\AppData\Local\Temp\c5a00cc2c6d99df4b73033d0b525166ac372c4f5604f1620a3ee8b25a9c1c7cc.dll
2⤵
- Suspicious use of WriteProcessMemory
PID:2680

C:\Windows\SysWOW64\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe "C:\Users\Admin\AppData\Local\Temp\c5a00cc2c6d99df4b73033d0b525166ac372c4f5604f1620a3ee8b25a9c1c7cc.dll",DllRegisterServer
3⤵
PID:3784

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2680-115-0x0000000000000000-mapping.dmp

Download
memory/2680-116-0x0000000002BF1000-0x0000000002C15000-memory.dmp

Filesize
144KB

Download
memory/2680-117-0x0000000002C15000-0x0000000002C16000-memory.dmp

Filesize
4KB

Download
memory/3784-118-0x0000000000000000-mapping.dmp

Download