15f3c4078255d14890f590647e4a8679306bfd1ad8899449ab7ae908a31579bb | Triage

Analysis

max time kernel
121s
max time network
121s
platform
windows10_x64
resource
win10-en-20211208
submitted
15-01-2022 02:17

Sharing

Report Analysis Logs

General

Target

15f3c4078255d14890f590647e4a8679306bfd1ad8899449ab7ae908a31579bb.dll
Size

574KB
MD5

a54215d93a3fae07269b09acb38edef9
SHA1

9ca4adb1deaa767377bd364a44d4f3b2c62229de
SHA256

15f3c4078255d14890f590647e4a8679306bfd1ad8899449ab7ae908a31579bb
SHA512

645d73f018ef3ae9d23b9d08185375f2557edcff52264d2f2c303a1f4c9b2c308894bdc6be42573b82a52522b4dc5e3a444c574943a1f2ee3536f611e19b0885

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 6 IoCs

Processes:

regsvr32.exeregsvr32.exe

description	pid	process	target process
PID 3052 wrote to memory of 2692	3052	regsvr32.exe	regsvr32.exe
PID 3052 wrote to memory of 2692	3052	regsvr32.exe	regsvr32.exe
PID 3052 wrote to memory of 2692	3052	regsvr32.exe	regsvr32.exe
PID 2692 wrote to memory of 2160	2692	regsvr32.exe	rundll32.exe
PID 2692 wrote to memory of 2160	2692	regsvr32.exe	rundll32.exe
PID 2692 wrote to memory of 2160	2692	regsvr32.exe	rundll32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\15f3c4078255d14890f590647e4a8679306bfd1ad8899449ab7ae908a31579bb.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:3052

C:\Windows\SysWOW64\regsvr32.exe
/s C:\Users\Admin\AppData\Local\Temp\15f3c4078255d14890f590647e4a8679306bfd1ad8899449ab7ae908a31579bb.dll
2⤵
- Suspicious use of WriteProcessMemory
PID:2692

C:\Windows\SysWOW64\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe "C:\Users\Admin\AppData\Local\Temp\15f3c4078255d14890f590647e4a8679306bfd1ad8899449ab7ae908a31579bb.dll",DllRegisterServer
3⤵
PID:2160

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2160-121-0x0000000000000000-mapping.dmp

Download
memory/2692-118-0x0000000000000000-mapping.dmp

Download
memory/2692-120-0x0000000002AE5000-0x0000000002AE6000-memory.dmp

Filesize
4KB

Download
memory/2692-119-0x0000000002AC1000-0x0000000002AE5000-memory.dmp

Filesize
144KB

Download