92f22371e4524ce6b792372e5ff2a7c84d700260332d4545f6ceaa23b9575509 | Triage

Analysis

max time kernel
76s
max time network
103s
platform
windows10_x64
resource
win10-en-20211208
submitted
15-01-2022 02:13

Sharing

Report Analysis Logs

General

Target

92f22371e4524ce6b792372e5ff2a7c84d700260332d4545f6ceaa23b9575509.dll
Size

574KB
MD5

0ec9d113506ab2571df132885fc5fa17
SHA1

8460bfde2ba6dcb0754214781a2c69bf2c19ceac
SHA256

92f22371e4524ce6b792372e5ff2a7c84d700260332d4545f6ceaa23b9575509
SHA512

b8a440d4c3f347c302ef860074cf2af7c9b01e6d4d7471af569ee4a63ef6548ed6f0b437f91145d9df85764fea30576e8332905fbdd8a01d1e09f38d84d930a1

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 6 IoCs

Processes:

regsvr32.exeregsvr32.exe

description	pid	process	target process
PID 3004 wrote to memory of 3208	3004	regsvr32.exe	regsvr32.exe
PID 3004 wrote to memory of 3208	3004	regsvr32.exe	regsvr32.exe
PID 3004 wrote to memory of 3208	3004	regsvr32.exe	regsvr32.exe
PID 3208 wrote to memory of 600	3208	regsvr32.exe	rundll32.exe
PID 3208 wrote to memory of 600	3208	regsvr32.exe	rundll32.exe
PID 3208 wrote to memory of 600	3208	regsvr32.exe	rundll32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\92f22371e4524ce6b792372e5ff2a7c84d700260332d4545f6ceaa23b9575509.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:3004

C:\Windows\SysWOW64\regsvr32.exe
/s C:\Users\Admin\AppData\Local\Temp\92f22371e4524ce6b792372e5ff2a7c84d700260332d4545f6ceaa23b9575509.dll
2⤵
- Suspicious use of WriteProcessMemory
PID:3208

C:\Windows\SysWOW64\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe "C:\Users\Admin\AppData\Local\Temp\92f22371e4524ce6b792372e5ff2a7c84d700260332d4545f6ceaa23b9575509.dll",DllRegisterServer
3⤵
PID:600

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/600-121-0x0000000000000000-mapping.dmp

Download
memory/3208-118-0x0000000000000000-mapping.dmp

Download
memory/3208-120-0x0000000000BC5000-0x0000000000BC6000-memory.dmp

Filesize
4KB

Download
memory/3208-119-0x0000000000BA1000-0x0000000000BC5000-memory.dmp

Filesize
144KB

Download