a579824a915262d54e8bc433a05df35dca9d5ba678e8dd1a6aa05af12e177cb1 | Triage

Analysis

max time kernel
160s
max time network
169s
platform
windows10_x64
resource
win10-en-20211208
submitted
28-01-2022 03:28

Sharing

Report Analysis Logs

General

Target

a579824a915262d54e8bc433a05df35dca9d5ba678e8dd1a6aa05af12e177cb1.dll
Size

520KB
MD5

7d92bab68031b79a32b05e22169bf2ec
SHA1

85f96df9cd19ed6fcaa745fcf749da13bf651a35
SHA256

a579824a915262d54e8bc433a05df35dca9d5ba678e8dd1a6aa05af12e177cb1
SHA512

90840865c55f4ce3c2956cd64e3a7c02aaf4e242cec43f3a57c2a91392f3b5ce82ea270e208d2f1d65677965578563bec281a1311288c27bc8c6853bf64c829d

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 6 IoCs

Processes:

regsvr32.exeregsvr32.exe

description	pid	process	target process
PID 3048 wrote to memory of 2832	3048	regsvr32.exe	regsvr32.exe
PID 3048 wrote to memory of 2832	3048	regsvr32.exe	regsvr32.exe
PID 3048 wrote to memory of 2832	3048	regsvr32.exe	regsvr32.exe
PID 2832 wrote to memory of 3820	2832	regsvr32.exe	rundll32.exe
PID 2832 wrote to memory of 3820	2832	regsvr32.exe	rundll32.exe
PID 2832 wrote to memory of 3820	2832	regsvr32.exe	rundll32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\a579824a915262d54e8bc433a05df35dca9d5ba678e8dd1a6aa05af12e177cb1.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:3048

C:\Windows\SysWOW64\regsvr32.exe
/s C:\Users\Admin\AppData\Local\Temp\a579824a915262d54e8bc433a05df35dca9d5ba678e8dd1a6aa05af12e177cb1.dll
2⤵
- Suspicious use of WriteProcessMemory
PID:2832

C:\Windows\SysWOW64\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe "C:\Users\Admin\AppData\Local\Temp\a579824a915262d54e8bc433a05df35dca9d5ba678e8dd1a6aa05af12e177cb1.dll",DllRegisterServer
3⤵
PID:3820

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...