f32318338737b61086080394c491aab00ccb89cc3599c25087d0873c41cf3367 | Triage

Analysis

max time kernel
109s
max time network
111s
platform
windows10_x64
resource
win10-en-20211208
submitted
15-01-2022 02:02

Sharing

Report Analysis Logs

General

Target

f32318338737b61086080394c491aab00ccb89cc3599c25087d0873c41cf3367.dll
Size

574KB
MD5

1c176f88c494bc2734f7b599192a2c5c
SHA1

100446793ca35337ba64306dba7313cc1dec35f8
SHA256

f32318338737b61086080394c491aab00ccb89cc3599c25087d0873c41cf3367
SHA512

90ca9e318a83fba1f5c0489ab7f253ca4fb3203d9cb1a9dff48456b9718ddc8fad7ffb19020a021e7a0e372963f8882cc714a99360ce1864bda0f22bb3cad1e1

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 6 IoCs

Processes:

regsvr32.exeregsvr32.exe

description	pid	process	target process
PID 2592 wrote to memory of 2620	2592	regsvr32.exe	regsvr32.exe
PID 2592 wrote to memory of 2620	2592	regsvr32.exe	regsvr32.exe
PID 2592 wrote to memory of 2620	2592	regsvr32.exe	regsvr32.exe
PID 2620 wrote to memory of 924	2620	regsvr32.exe	rundll32.exe
PID 2620 wrote to memory of 924	2620	regsvr32.exe	rundll32.exe
PID 2620 wrote to memory of 924	2620	regsvr32.exe	rundll32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\f32318338737b61086080394c491aab00ccb89cc3599c25087d0873c41cf3367.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2592

C:\Windows\SysWOW64\regsvr32.exe
/s C:\Users\Admin\AppData\Local\Temp\f32318338737b61086080394c491aab00ccb89cc3599c25087d0873c41cf3367.dll
2⤵
- Suspicious use of WriteProcessMemory
PID:2620

C:\Windows\SysWOW64\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe "C:\Users\Admin\AppData\Local\Temp\f32318338737b61086080394c491aab00ccb89cc3599c25087d0873c41cf3367.dll",DllRegisterServer
3⤵
PID:924

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/924-118-0x0000000000000000-mapping.dmp

Download
memory/2620-115-0x0000000000000000-mapping.dmp

Download
memory/2620-116-0x0000000004571000-0x0000000004595000-memory.dmp

Filesize
144KB

Download
memory/2620-117-0x0000000004595000-0x0000000004596000-memory.dmp

Filesize
4KB

Download