618de804749c8a2b22cbc6190bf479b04e5e38528b157d9a0cf1024ccdbffef3 | Triage

Analysis

max time kernel
121s
max time network
121s
platform
windows10_x64
resource
win10-en-20211208
submitted
15-01-2022 01:55

Sharing

Report Analysis Logs

General

Target

618de804749c8a2b22cbc6190bf479b04e5e38528b157d9a0cf1024ccdbffef3.dll
Size

574KB
MD5

fa6266118afa375dc8a44ac02ee28d96
SHA1

1d6fcb522d945d58193a43e7b48db8771632d418
SHA256

618de804749c8a2b22cbc6190bf479b04e5e38528b157d9a0cf1024ccdbffef3
SHA512

5a59f051f1c6da9f1ff88638915560e6838898d49cc9f54099ee712413d50a47f72eb7bb51ba7e177ffa05d901083cd094d1035d10b02abb06cc78902a6adca7

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 6 IoCs

Processes:

regsvr32.exeregsvr32.exe

description	pid	process	target process
PID 3716 wrote to memory of 4072	3716	regsvr32.exe	regsvr32.exe
PID 3716 wrote to memory of 4072	3716	regsvr32.exe	regsvr32.exe
PID 3716 wrote to memory of 4072	3716	regsvr32.exe	regsvr32.exe
PID 4072 wrote to memory of 1260	4072	regsvr32.exe	rundll32.exe
PID 4072 wrote to memory of 1260	4072	regsvr32.exe	rundll32.exe
PID 4072 wrote to memory of 1260	4072	regsvr32.exe	rundll32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\618de804749c8a2b22cbc6190bf479b04e5e38528b157d9a0cf1024ccdbffef3.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:3716

C:\Windows\SysWOW64\regsvr32.exe
/s C:\Users\Admin\AppData\Local\Temp\618de804749c8a2b22cbc6190bf479b04e5e38528b157d9a0cf1024ccdbffef3.dll
2⤵
- Suspicious use of WriteProcessMemory
PID:4072

C:\Windows\SysWOW64\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe "C:\Users\Admin\AppData\Local\Temp\618de804749c8a2b22cbc6190bf479b04e5e38528b157d9a0cf1024ccdbffef3.dll",DllRegisterServer
3⤵
PID:1260

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1260-118-0x0000000000000000-mapping.dmp

Download
memory/4072-115-0x0000000000000000-mapping.dmp

Download
memory/4072-116-0x0000000002991000-0x00000000029B5000-memory.dmp

Filesize
144KB

Download
memory/4072-117-0x00000000029B5000-0x00000000029B6000-memory.dmp

Filesize
4KB

Download