beec0530fec99f15194815a3e53a5be2fdc9306b06c8e857eaa78402cf7d9b00 | Triage

Analysis

max time kernel
110s
max time network
125s
platform
windows10_x64
resource
win10-en-20211208
submitted
15-01-2022 01:55

Sharing

Report Analysis Logs

General

Target

beec0530fec99f15194815a3e53a5be2fdc9306b06c8e857eaa78402cf7d9b00.dll
Size

574KB
MD5

4c2d2d1c6de5c89cce8272f407aad3e0
SHA1

e3a0008d13a4b566749530231ea885015ff2d978
SHA256

beec0530fec99f15194815a3e53a5be2fdc9306b06c8e857eaa78402cf7d9b00
SHA512

75a92d7afb23d59eac337291226e687f18f3d5d2b6ac32635a43283b133e77f350912ff32b2eb2103e1c11ec7851cb2df64002a18185362f1849b6634bac19d1

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 6 IoCs

Processes:

regsvr32.exeregsvr32.exe

description	pid	process	target process
PID 2696 wrote to memory of 2716	2696	regsvr32.exe	regsvr32.exe
PID 2696 wrote to memory of 2716	2696	regsvr32.exe	regsvr32.exe
PID 2696 wrote to memory of 2716	2696	regsvr32.exe	regsvr32.exe
PID 2716 wrote to memory of 3760	2716	regsvr32.exe	rundll32.exe
PID 2716 wrote to memory of 3760	2716	regsvr32.exe	rundll32.exe
PID 2716 wrote to memory of 3760	2716	regsvr32.exe	rundll32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\beec0530fec99f15194815a3e53a5be2fdc9306b06c8e857eaa78402cf7d9b00.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2696

C:\Windows\SysWOW64\regsvr32.exe
/s C:\Users\Admin\AppData\Local\Temp\beec0530fec99f15194815a3e53a5be2fdc9306b06c8e857eaa78402cf7d9b00.dll
2⤵
- Suspicious use of WriteProcessMemory
PID:2716

C:\Windows\SysWOW64\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe "C:\Users\Admin\AppData\Local\Temp\beec0530fec99f15194815a3e53a5be2fdc9306b06c8e857eaa78402cf7d9b00.dll",DllRegisterServer
3⤵
PID:3760

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2716-115-0x0000000000000000-mapping.dmp

Download
memory/2716-116-0x0000000003501000-0x0000000003525000-memory.dmp

Filesize
144KB

Download
memory/2716-117-0x0000000003525000-0x0000000003526000-memory.dmp

Filesize
4KB

Download
memory/3760-118-0x0000000000000000-mapping.dmp

Download