3db9d1822044d57fcd94282b4c40f69b9e0787ebd45d5f6e101d40581683fc0e | Triage

Analysis

max time kernel
117s
max time network
119s
platform
windows10_x64
resource
win10-en-20211208
submitted
15-01-2022 02:02

Sharing

Report Analysis Logs

General

Target

3db9d1822044d57fcd94282b4c40f69b9e0787ebd45d5f6e101d40581683fc0e.dll
Size

574KB
MD5

fd5993a9eebc08ee691d2a3807491ddd
SHA1

16768d1e35b6600af678bfa2d5f3304a2e85fc85
SHA256

3db9d1822044d57fcd94282b4c40f69b9e0787ebd45d5f6e101d40581683fc0e
SHA512

b8ec9840102be8d061df4f37816617654851e8dbd8335fd035bba1cbf15bf876cad9a2a208a7af505b50a10bd9451346c34fc32d66de00170faaa949231b79fe

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 6 IoCs

Processes:

regsvr32.exeregsvr32.exe

description	pid	process	target process
PID 912 wrote to memory of 3992	912	regsvr32.exe	regsvr32.exe
PID 912 wrote to memory of 3992	912	regsvr32.exe	regsvr32.exe
PID 912 wrote to memory of 3992	912	regsvr32.exe	regsvr32.exe
PID 3992 wrote to memory of 1332	3992	regsvr32.exe	rundll32.exe
PID 3992 wrote to memory of 1332	3992	regsvr32.exe	rundll32.exe
PID 3992 wrote to memory of 1332	3992	regsvr32.exe	rundll32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\3db9d1822044d57fcd94282b4c40f69b9e0787ebd45d5f6e101d40581683fc0e.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:912

C:\Windows\SysWOW64\regsvr32.exe
/s C:\Users\Admin\AppData\Local\Temp\3db9d1822044d57fcd94282b4c40f69b9e0787ebd45d5f6e101d40581683fc0e.dll
2⤵
- Suspicious use of WriteProcessMemory
PID:3992

C:\Windows\SysWOW64\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe "C:\Users\Admin\AppData\Local\Temp\3db9d1822044d57fcd94282b4c40f69b9e0787ebd45d5f6e101d40581683fc0e.dll",DllRegisterServer
3⤵
PID:1332

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1332-118-0x0000000000000000-mapping.dmp

Download
memory/3992-115-0x0000000000000000-mapping.dmp

Download
memory/3992-117-0x00000000009F5000-0x00000000009F6000-memory.dmp

Filesize
4KB

Download
memory/3992-116-0x00000000009D1000-0x00000000009F5000-memory.dmp

Filesize
144KB

Download