fb8124f78e10f99ecd5bb2a45a6dfd92927efa5354d9c18d706cf67a3b4bc748 | Triage

Analysis

max time kernel
123s
max time network
115s
platform
windows10_x64
resource
win10-en-20211208
submitted
15-01-2022 02:06

Sharing

Report Analysis Logs

General

Target

fb8124f78e10f99ecd5bb2a45a6dfd92927efa5354d9c18d706cf67a3b4bc748.dll
Size

574KB
MD5

9939306795f02962a1cead49d3b145f2
SHA1

9b16f3bcf05f45c112ba9adc8b9b8c77a843f247
SHA256

fb8124f78e10f99ecd5bb2a45a6dfd92927efa5354d9c18d706cf67a3b4bc748
SHA512

feb1c1c4401882608d9bc1843ef16e0b9abb6c805fbe0be4fdedc8eb222362163e7f42892a1e7977c68722d7fc5f07ba47496cd87caccb408b143d8ba0138289

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 6 IoCs

Processes:

regsvr32.exeregsvr32.exe

description	pid	process	target process
PID 2492 wrote to memory of 2556	2492	regsvr32.exe	regsvr32.exe
PID 2492 wrote to memory of 2556	2492	regsvr32.exe	regsvr32.exe
PID 2492 wrote to memory of 2556	2492	regsvr32.exe	regsvr32.exe
PID 2556 wrote to memory of 3820	2556	regsvr32.exe	rundll32.exe
PID 2556 wrote to memory of 3820	2556	regsvr32.exe	rundll32.exe
PID 2556 wrote to memory of 3820	2556	regsvr32.exe	rundll32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\fb8124f78e10f99ecd5bb2a45a6dfd92927efa5354d9c18d706cf67a3b4bc748.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2492

C:\Windows\SysWOW64\regsvr32.exe
/s C:\Users\Admin\AppData\Local\Temp\fb8124f78e10f99ecd5bb2a45a6dfd92927efa5354d9c18d706cf67a3b4bc748.dll
2⤵
- Suspicious use of WriteProcessMemory
PID:2556

C:\Windows\SysWOW64\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe "C:\Users\Admin\AppData\Local\Temp\fb8124f78e10f99ecd5bb2a45a6dfd92927efa5354d9c18d706cf67a3b4bc748.dll",DllRegisterServer
3⤵
PID:3820

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2556-118-0x0000000000000000-mapping.dmp

Download
memory/2556-119-0x00000000027A1000-0x00000000027C5000-memory.dmp

Filesize
144KB

Download
memory/2556-120-0x00000000027C5000-0x00000000027C6000-memory.dmp

Filesize
4KB

Download
memory/3820-121-0x0000000000000000-mapping.dmp

Download