6f0f83f18088448cdde9da84731cdbab84bc8a2fdb88e51abcf109fef0f0b488 | Triage

Analysis

max time kernel
160s
max time network
159s
platform
windows10_x64
resource
win10-en-20211208
submitted
28-01-2022 03:28

Sharing

Report Analysis Logs

General

Target

6f0f83f18088448cdde9da84731cdbab84bc8a2fdb88e51abcf109fef0f0b488.dll
Size

520KB
MD5

3d569c376bf47589b950c02b153d9b83
SHA1

4965091252e801d142b6f960ebf83d8c8238db39
SHA256

6f0f83f18088448cdde9da84731cdbab84bc8a2fdb88e51abcf109fef0f0b488
SHA512

4e53c130cc575b346b91ba103024644641bd7ae8ed850294f7fbed76d4cbb90594bba8a9fc642d2af7c5921f7f22127212a6fac3f278c46686bf553654817370

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 6 IoCs

Processes:

regsvr32.exeregsvr32.exe

description	pid	process	target process
PID 3056 wrote to memory of 3836	3056	regsvr32.exe	regsvr32.exe
PID 3056 wrote to memory of 3836	3056	regsvr32.exe	regsvr32.exe
PID 3056 wrote to memory of 3836	3056	regsvr32.exe	regsvr32.exe
PID 3836 wrote to memory of 1644	3836	regsvr32.exe	rundll32.exe
PID 3836 wrote to memory of 1644	3836	regsvr32.exe	rundll32.exe
PID 3836 wrote to memory of 1644	3836	regsvr32.exe	rundll32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\6f0f83f18088448cdde9da84731cdbab84bc8a2fdb88e51abcf109fef0f0b488.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:3056

C:\Windows\SysWOW64\regsvr32.exe
/s C:\Users\Admin\AppData\Local\Temp\6f0f83f18088448cdde9da84731cdbab84bc8a2fdb88e51abcf109fef0f0b488.dll
2⤵
- Suspicious use of WriteProcessMemory
PID:3836

C:\Windows\SysWOW64\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe "C:\Users\Admin\AppData\Local\Temp\6f0f83f18088448cdde9da84731cdbab84bc8a2fdb88e51abcf109fef0f0b488.dll",DllRegisterServer
3⤵
PID:1644

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...