2d113779353faba137d3bd52bf4c73c4e89beef5315c13eea9c1d0c13353adb0 | Triage

Analysis

max time kernel
121s
max time network
120s
platform
windows10_x64
resource
win10-en-20211208
submitted
15-01-2022 01:55

Sharing

Report Analysis Logs

General

Target

2d113779353faba137d3bd52bf4c73c4e89beef5315c13eea9c1d0c13353adb0.dll
Size

574KB
MD5

160735afb3d1bd216ad1bd0e4e014b84
SHA1

2ec81049f3233e9ffdb4c4b7e8989fd052bbcab0
SHA256

2d113779353faba137d3bd52bf4c73c4e89beef5315c13eea9c1d0c13353adb0
SHA512

10262c0deaee932d85bbf1d86ad5dfb22c3467d0c3a7650ce640191fb18ec41cb862f05259d5ffd8b61409fada4c1d270e3dd3d9785aa216459d5e652ac67ecb

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 6 IoCs

Processes:

regsvr32.exeregsvr32.exe

description	pid	process	target process
PID 2800 wrote to memory of 3472	2800	regsvr32.exe	regsvr32.exe
PID 2800 wrote to memory of 3472	2800	regsvr32.exe	regsvr32.exe
PID 2800 wrote to memory of 3472	2800	regsvr32.exe	regsvr32.exe
PID 3472 wrote to memory of 1060	3472	regsvr32.exe	rundll32.exe
PID 3472 wrote to memory of 1060	3472	regsvr32.exe	rundll32.exe
PID 3472 wrote to memory of 1060	3472	regsvr32.exe	rundll32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\2d113779353faba137d3bd52bf4c73c4e89beef5315c13eea9c1d0c13353adb0.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2800

C:\Windows\SysWOW64\regsvr32.exe
/s C:\Users\Admin\AppData\Local\Temp\2d113779353faba137d3bd52bf4c73c4e89beef5315c13eea9c1d0c13353adb0.dll
2⤵
- Suspicious use of WriteProcessMemory
PID:3472

C:\Windows\SysWOW64\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe "C:\Users\Admin\AppData\Local\Temp\2d113779353faba137d3bd52bf4c73c4e89beef5315c13eea9c1d0c13353adb0.dll",DllRegisterServer
3⤵
PID:1060

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1060-118-0x0000000000000000-mapping.dmp

Download
memory/3472-115-0x0000000000000000-mapping.dmp

Download
memory/3472-117-0x0000000000BD5000-0x0000000000BD6000-memory.dmp

Filesize
4KB

Download
memory/3472-116-0x0000000000BB1000-0x0000000000BD5000-memory.dmp

Filesize
144KB

Download