cfadc6358b82020585927be3c930854dc74d35db5633c85be424db0003e0c111 | Triage

Analysis

max time kernel
120s
max time network
120s
platform
windows10_x64
resource
win10-en-20211208
submitted
15-01-2022 02:02

Sharing

Report Analysis Logs

General

Target

cfadc6358b82020585927be3c930854dc74d35db5633c85be424db0003e0c111.dll
Size

574KB
MD5

b795fa7a811000805ac3ed33cb0d78aa
SHA1

340cb496af3a2933c2798ea1f7a0866641c8c8a8
SHA256

cfadc6358b82020585927be3c930854dc74d35db5633c85be424db0003e0c111
SHA512

2949644329098bb6ccb209bd914292a65bbef3dff35c78f79062b4d93cced244cd5fb91ef89f7b222fd42a5bc1996979dffd3aa9b203739fba9ebd712d94841a

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 6 IoCs

Processes:

regsvr32.exeregsvr32.exe

description	pid	process	target process
PID 3376 wrote to memory of 3504	3376	regsvr32.exe	regsvr32.exe
PID 3376 wrote to memory of 3504	3376	regsvr32.exe	regsvr32.exe
PID 3376 wrote to memory of 3504	3376	regsvr32.exe	regsvr32.exe
PID 3504 wrote to memory of 3752	3504	regsvr32.exe	rundll32.exe
PID 3504 wrote to memory of 3752	3504	regsvr32.exe	rundll32.exe
PID 3504 wrote to memory of 3752	3504	regsvr32.exe	rundll32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\cfadc6358b82020585927be3c930854dc74d35db5633c85be424db0003e0c111.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:3376

C:\Windows\SysWOW64\regsvr32.exe
/s C:\Users\Admin\AppData\Local\Temp\cfadc6358b82020585927be3c930854dc74d35db5633c85be424db0003e0c111.dll
2⤵
- Suspicious use of WriteProcessMemory
PID:3504

C:\Windows\SysWOW64\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe "C:\Users\Admin\AppData\Local\Temp\cfadc6358b82020585927be3c930854dc74d35db5633c85be424db0003e0c111.dll",DllRegisterServer
3⤵
PID:3752

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3504-116-0x0000000000000000-mapping.dmp

Download
memory/3504-117-0x00000000046B1000-0x00000000046D5000-memory.dmp

Filesize
144KB

Download
memory/3504-118-0x00000000046D5000-0x00000000046D6000-memory.dmp

Filesize
4KB

Download
memory/3752-119-0x0000000000000000-mapping.dmp

Download