87dca6b2acc54dc09676cca146e4f29120f9f31b64c6334facfc0e3c1de3cc9b | Triage

Analysis

max time kernel
83s
max time network
149s
platform
windows10_x64
resource
win10-en-20211208
submitted
28-01-2022 03:28

Sharing

Report Analysis Logs

General

Target

87dca6b2acc54dc09676cca146e4f29120f9f31b64c6334facfc0e3c1de3cc9b.dll
Size

512KB
MD5

d5596b6bb8a367ce589dbf68330d5ee9
SHA1

b7215dfa22543aedfe9aac9e8fa58921c428add7
SHA256

87dca6b2acc54dc09676cca146e4f29120f9f31b64c6334facfc0e3c1de3cc9b
SHA512

250702d5fef4bef4484d78008e710ce8779f7f96b572bdbe845af6a80e62277fb74f8f7b69bef328af80c346d8f8a7ce6d29f5a1a7b6318aeec71f6083881f39

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 6 IoCs

Processes:

regsvr32.exeregsvr32.exe

description	pid	process	target process
PID 1804 wrote to memory of 3796	1804	regsvr32.exe	regsvr32.exe
PID 1804 wrote to memory of 3796	1804	regsvr32.exe	regsvr32.exe
PID 1804 wrote to memory of 3796	1804	regsvr32.exe	regsvr32.exe
PID 3796 wrote to memory of 940	3796	regsvr32.exe	rundll32.exe
PID 3796 wrote to memory of 940	3796	regsvr32.exe	rundll32.exe
PID 3796 wrote to memory of 940	3796	regsvr32.exe	rundll32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\87dca6b2acc54dc09676cca146e4f29120f9f31b64c6334facfc0e3c1de3cc9b.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:1804

C:\Windows\SysWOW64\regsvr32.exe
/s C:\Users\Admin\AppData\Local\Temp\87dca6b2acc54dc09676cca146e4f29120f9f31b64c6334facfc0e3c1de3cc9b.dll
2⤵
- Suspicious use of WriteProcessMemory
PID:3796

C:\Windows\SysWOW64\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe "C:\Users\Admin\AppData\Local\Temp\87dca6b2acc54dc09676cca146e4f29120f9f31b64c6334facfc0e3c1de3cc9b.dll",DllRegisterServer
3⤵
PID:940

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...