Analysis
- max time kernel: 76s
- max time network: 103s
- platform: windows10_x64
- resource: win10-en-20211208
- submitted: 15-01-2022 02:13
Static task: static1
Behavioral task: behavioral1
Sample: 92f22371e4524ce6b792372e5ff2a7c84d700260332d4545f6ceaa23b9575509.dll
Resource: win10-en-20211208 (windows10_x64)
0 signatures
0 seconds
General
- Target: 92f22371e4524ce6b792372e5ff2a7c84d700260332d4545f6ceaa23b9575509.dll
- Size: 574KB
- MD5: 0ec9d113506ab2571df132885fc5fa17
- SHA1: 8460bfde2ba6dcb0754214781a2c69bf2c19ceac
- SHA256: 92f22371e4524ce6b792372e5ff2a7c84d700260332d4545f6ceaa23b9575509
- SHA512: b8a440d4c3f347c302ef860074cf2af7c9b01e6d4d7471af569ee4a63ef6548ed6f0b437f91145d9df85764fea30576e8332905fbdd8a01d1e09f38d84d930a1
Score: 1/10
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (6 IoCs)
  Processes: regsvr32.exe, regsvr32.exe

  description                        pid    process        target process
  PID 3004 wrote to memory of 3208   3004   regsvr32.exe   regsvr32.exe
  PID 3004 wrote to memory of 3208   3004   regsvr32.exe   regsvr32.exe
  PID 3004 wrote to memory of 3208   3004   regsvr32.exe   regsvr32.exe
  PID 3208 wrote to memory of 600    3208   regsvr32.exe   rundll32.exe
  PID 3208 wrote to memory of 600    3208   regsvr32.exe   rundll32.exe
  PID 3208 wrote to memory of 600    3208   regsvr32.exe   rundll32.exe
Processes
- C:\Windows\system32\regsvr32.exe
  regsvr32 /s C:\Users\Admin\AppData\Local\Temp\92f22371e4524ce6b792372e5ff2a7c84d700260332d4545f6ceaa23b9575509.dll
  - Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\regsvr32.exe
    /s C:\Users\Admin\AppData\Local\Temp\92f22371e4524ce6b792372e5ff2a7c84d700260332d4545f6ceaa23b9575509.dll
    - Suspicious use of WriteProcessMemory
    - C:\Windows\SysWOW64\rundll32.exe
      C:\Windows\SysWOW64\rundll32.exe "C:\Users\Admin\AppData\Local\Temp\92f22371e4524ce6b792372e5ff2a7c84d700260332d4545f6ceaa23b9575509.dll",DllRegisterServer