bdadcb9165723435e1d19b8c5cf7c6b618f1ed81254f9bbb9be5b48d39cbfa80 | Triage

Analysis

max time kernel
110s
max time network
124s
platform
windows10_x64
resource
win10-en-20211208
submitted
15-01-2022 01:55

Sharing

Report Analysis Logs

General

Target

bdadcb9165723435e1d19b8c5cf7c6b618f1ed81254f9bbb9be5b48d39cbfa80.dll
Size

574KB
MD5

3ac1a344532179e3015525ce00e7630a
SHA1

8674f51c5483cae44fd3f39744b2c899178a073b
SHA256

bdadcb9165723435e1d19b8c5cf7c6b618f1ed81254f9bbb9be5b48d39cbfa80
SHA512

b41aac1a693f9d2dceee3ec1fcd7f07a379fa115c2edd8d30413d4bc486eefa2fb2fe46c1bba744041d706fc2790e492985354e55d712c7ef5ef974d62a3c725

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 6 IoCs

Processes:

regsvr32.exeregsvr32.exe

description	pid	process	target process
PID 828 wrote to memory of 3836	828	regsvr32.exe	regsvr32.exe
PID 828 wrote to memory of 3836	828	regsvr32.exe	regsvr32.exe
PID 828 wrote to memory of 3836	828	regsvr32.exe	regsvr32.exe
PID 3836 wrote to memory of 2804	3836	regsvr32.exe	rundll32.exe
PID 3836 wrote to memory of 2804	3836	regsvr32.exe	rundll32.exe
PID 3836 wrote to memory of 2804	3836	regsvr32.exe	rundll32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\bdadcb9165723435e1d19b8c5cf7c6b618f1ed81254f9bbb9be5b48d39cbfa80.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:828

C:\Windows\SysWOW64\regsvr32.exe
/s C:\Users\Admin\AppData\Local\Temp\bdadcb9165723435e1d19b8c5cf7c6b618f1ed81254f9bbb9be5b48d39cbfa80.dll
2⤵
- Suspicious use of WriteProcessMemory
PID:3836

C:\Windows\SysWOW64\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe "C:\Users\Admin\AppData\Local\Temp\bdadcb9165723435e1d19b8c5cf7c6b618f1ed81254f9bbb9be5b48d39cbfa80.dll",DllRegisterServer
3⤵
PID:2804

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2804-118-0x0000000000000000-mapping.dmp

Download
memory/3836-115-0x0000000000000000-mapping.dmp

Download
memory/3836-117-0x0000000003025000-0x0000000003026000-memory.dmp

Filesize
4KB

Download
memory/3836-116-0x0000000003001000-0x0000000003025000-memory.dmp

Filesize
144KB

Download