934eec008c02c1f626a801341aea72172e4bad99bc7737ab63a0158921e20467 | Triage

Resubmissions

20-01-2022 16:43

220120-t78nwsagc2 10

19-01-2022 12:07

220119-palqmshehq 10

Analysis

max time kernel
1s
max time network
19s
platform
windows10-2004_x64
resource
win10v2004-en-20220113
submitted
20-01-2022 16:43

Sharing

Report Analysis Logs

General

Target

us.dll
Size

844KB
MD5

ba8812816a3996e9c1efcc2619e54afd
SHA1

7bf1daf34d94a332c5e2a177f6a1a08fcd6d8605
SHA256

934eec008c02c1f626a801341aea72172e4bad99bc7737ab63a0158921e20467
SHA512

a66cf0e8324ee4be30ba4f786f1c9a821726cb52cb7becdabb2b2765cef2c8135bd66ae1be6e448744c7345a8e64e9c35af5560c0a6bffc9b186693ef143ea50

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

regsvr32.exe

description	pid	process	target process
PID 2868 wrote to memory of 3180	2868	regsvr32.exe	regsvr32.exe
PID 2868 wrote to memory of 3180	2868	regsvr32.exe	regsvr32.exe
PID 2868 wrote to memory of 3180	2868	regsvr32.exe	regsvr32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\us.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2868

C:\Windows\SysWOW64\regsvr32.exe
/s C:\Users\Admin\AppData\Local\Temp\us.dll
2⤵
PID:3180

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...