3e5118b4efe6bb6dc0313ddb67a8dbf570afed18cc5ff5103df717b3784692fa | Triage

Analysis

max time kernel
119s
max time network
124s
platform
windows10_x64
resource
win10-en-20211208
submitted
15-01-2022 02:21

Sharing

Report Analysis Logs

General

Target

3e5118b4efe6bb6dc0313ddb67a8dbf570afed18cc5ff5103df717b3784692fa.dll
Size

574KB
MD5

83f0ff16fdc9a5d9e69f85349f5270b0
SHA1

1f0ede7b065ca26f4da3f0a0fbdafdbc7e76dfcd
SHA256

3e5118b4efe6bb6dc0313ddb67a8dbf570afed18cc5ff5103df717b3784692fa
SHA512

18431fbe18f658504aa42f475adcd8db15a22cded9080fc28c729a8fc9d3f3cbbfb09f2b19089dc5a0ed157ca01892e10456d64c6da5e2bff021200441751280

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 6 IoCs

Processes:

regsvr32.exeregsvr32.exe

description	pid	process	target process
PID 2340 wrote to memory of 2444	2340	regsvr32.exe	regsvr32.exe
PID 2340 wrote to memory of 2444	2340	regsvr32.exe	regsvr32.exe
PID 2340 wrote to memory of 2444	2340	regsvr32.exe	regsvr32.exe
PID 2444 wrote to memory of 2756	2444	regsvr32.exe	rundll32.exe
PID 2444 wrote to memory of 2756	2444	regsvr32.exe	rundll32.exe
PID 2444 wrote to memory of 2756	2444	regsvr32.exe	rundll32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\3e5118b4efe6bb6dc0313ddb67a8dbf570afed18cc5ff5103df717b3784692fa.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2340

C:\Windows\SysWOW64\regsvr32.exe
/s C:\Users\Admin\AppData\Local\Temp\3e5118b4efe6bb6dc0313ddb67a8dbf570afed18cc5ff5103df717b3784692fa.dll
2⤵
- Suspicious use of WriteProcessMemory
PID:2444

C:\Windows\SysWOW64\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe "C:\Users\Admin\AppData\Local\Temp\3e5118b4efe6bb6dc0313ddb67a8dbf570afed18cc5ff5103df717b3784692fa.dll",DllRegisterServer
3⤵
PID:2756

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2444-118-0x0000000000000000-mapping.dmp

Download
memory/2444-120-0x0000000004445000-0x0000000004446000-memory.dmp

Filesize
4KB

Download
memory/2444-119-0x0000000004421000-0x0000000004445000-memory.dmp

Filesize
144KB

Download
memory/2756-121-0x0000000000000000-mapping.dmp

Download