5ac93005d7af3c29c140e45f0baf76b404b8dc04de72eae7c28d0b385c0e20a7 | Triage

Analysis

max time kernel
120s
max time network
127s
platform
windows10_x64
resource
win10-en-20211208
submitted
15-01-2022 01:55

Sharing

Report Analysis Logs

General

Target

5ac93005d7af3c29c140e45f0baf76b404b8dc04de72eae7c28d0b385c0e20a7.dll
Size

574KB
MD5

3a63734eeccaf4514bfd4287c3dbff99
SHA1

bacb21e91ce06caa3ccb364c59ab387cf8814dcc
SHA256

5ac93005d7af3c29c140e45f0baf76b404b8dc04de72eae7c28d0b385c0e20a7
SHA512

1036e4f2ac23a963914a9aebf5d3d5a477922a6c7a5b9c2e302a9b3bdd81c3e0a825799469e7e47f58187c21c1370e3af8fe3d9f9bbaf90835f9b805cd1b97c0

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 6 IoCs

Processes:

regsvr32.exeregsvr32.exe

description	pid	process	target process
PID 2692 wrote to memory of 2700	2692	regsvr32.exe	regsvr32.exe
PID 2692 wrote to memory of 2700	2692	regsvr32.exe	regsvr32.exe
PID 2692 wrote to memory of 2700	2692	regsvr32.exe	regsvr32.exe
PID 2700 wrote to memory of 3392	2700	regsvr32.exe	rundll32.exe
PID 2700 wrote to memory of 3392	2700	regsvr32.exe	rundll32.exe
PID 2700 wrote to memory of 3392	2700	regsvr32.exe	rundll32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\5ac93005d7af3c29c140e45f0baf76b404b8dc04de72eae7c28d0b385c0e20a7.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2692

C:\Windows\SysWOW64\regsvr32.exe
/s C:\Users\Admin\AppData\Local\Temp\5ac93005d7af3c29c140e45f0baf76b404b8dc04de72eae7c28d0b385c0e20a7.dll
2⤵
- Suspicious use of WriteProcessMemory
PID:2700

C:\Windows\SysWOW64\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe "C:\Users\Admin\AppData\Local\Temp\5ac93005d7af3c29c140e45f0baf76b404b8dc04de72eae7c28d0b385c0e20a7.dll",DllRegisterServer
3⤵
PID:3392

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2700-115-0x0000000000000000-mapping.dmp

Download
memory/2700-117-0x0000000004845000-0x0000000004846000-memory.dmp

Filesize
4KB

Download
memory/2700-116-0x0000000004821000-0x0000000004845000-memory.dmp

Filesize
144KB

Download
memory/3392-118-0x0000000000000000-mapping.dmp

Download