ff6fd3b95f918ddb93b143aaa88f60e9fcfec73a41f28ed2e09d7cc05dda094b | Triage

Analysis

max time kernel
111s
max time network
126s
platform
windows10_x64
resource
win10-en-20211208
submitted
15-01-2022 02:06

Sharing

Report Analysis Logs

General

Target

ff6fd3b95f918ddb93b143aaa88f60e9fcfec73a41f28ed2e09d7cc05dda094b.dll
Size

574KB
MD5

6287e48025efcb0dbf2141e1f3bfd864
SHA1

f908ec5f13af4fae9758c72c2cf9a07e0fefab7c
SHA256

ff6fd3b95f918ddb93b143aaa88f60e9fcfec73a41f28ed2e09d7cc05dda094b
SHA512

716ce19942e46f36eec9e82bf6a3d4b1bf34d6f4d09abe4997bf571c161f1408c4413a7de4f6c47d3711c920a2fab27a1336c493132c9eef736a98ddf80c0daa

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 6 IoCs

Processes:

regsvr32.exeregsvr32.exe

description	pid	process	target process
PID 2344 wrote to memory of 2544	2344	regsvr32.exe	regsvr32.exe
PID 2344 wrote to memory of 2544	2344	regsvr32.exe	regsvr32.exe
PID 2344 wrote to memory of 2544	2344	regsvr32.exe	regsvr32.exe
PID 2544 wrote to memory of 3032	2544	regsvr32.exe	rundll32.exe
PID 2544 wrote to memory of 3032	2544	regsvr32.exe	rundll32.exe
PID 2544 wrote to memory of 3032	2544	regsvr32.exe	rundll32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\ff6fd3b95f918ddb93b143aaa88f60e9fcfec73a41f28ed2e09d7cc05dda094b.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2344

C:\Windows\SysWOW64\regsvr32.exe
/s C:\Users\Admin\AppData\Local\Temp\ff6fd3b95f918ddb93b143aaa88f60e9fcfec73a41f28ed2e09d7cc05dda094b.dll
2⤵
- Suspicious use of WriteProcessMemory
PID:2544

C:\Windows\SysWOW64\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe "C:\Users\Admin\AppData\Local\Temp\ff6fd3b95f918ddb93b143aaa88f60e9fcfec73a41f28ed2e09d7cc05dda094b.dll",DllRegisterServer
3⤵
PID:3032

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2544-118-0x0000000000000000-mapping.dmp

Download
memory/2544-120-0x0000000004CA5000-0x0000000004CA6000-memory.dmp

Filesize
4KB

Download
memory/2544-119-0x0000000004C81000-0x0000000004CA5000-memory.dmp

Filesize
144KB

Download
memory/3032-121-0x0000000000000000-mapping.dmp

Download