b96c1bb99ce85767a54b19cffc1a155dd91d252cd69999303e4f31b99d6a2cdc | Triage

Analysis

max time kernel
122s
max time network
137s
platform
windows10_x64
resource
win10-en-20211208
submitted
28-01-2022 03:20

Sharing

Report Analysis Logs

General

Target

b96c1bb99ce85767a54b19cffc1a155dd91d252cd69999303e4f31b99d6a2cdc.dll
Size

520KB
MD5

384cb1aeb895a610b11a95a48eadc1aa
SHA1

45b2db9e6382efb5fe2add2705079bd1b18cbb4e
SHA256

b96c1bb99ce85767a54b19cffc1a155dd91d252cd69999303e4f31b99d6a2cdc
SHA512

0e6e93b1924d7eebeb905195f2646f32874fe754fa60070a2ef88b20e461673fa46bdd63b64f270794195f63c092b66b867f38dda661b581e6d3f0dafb85c477

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 6 IoCs

Processes:

regsvr32.exeregsvr32.exe

description	pid	process	target process
PID 2784 wrote to memory of 3684	2784	regsvr32.exe	regsvr32.exe
PID 2784 wrote to memory of 3684	2784	regsvr32.exe	regsvr32.exe
PID 2784 wrote to memory of 3684	2784	regsvr32.exe	regsvr32.exe
PID 3684 wrote to memory of 3204	3684	regsvr32.exe	rundll32.exe
PID 3684 wrote to memory of 3204	3684	regsvr32.exe	rundll32.exe
PID 3684 wrote to memory of 3204	3684	regsvr32.exe	rundll32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\b96c1bb99ce85767a54b19cffc1a155dd91d252cd69999303e4f31b99d6a2cdc.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2784

C:\Windows\SysWOW64\regsvr32.exe
/s C:\Users\Admin\AppData\Local\Temp\b96c1bb99ce85767a54b19cffc1a155dd91d252cd69999303e4f31b99d6a2cdc.dll
2⤵
- Suspicious use of WriteProcessMemory
PID:3684

C:\Windows\SysWOW64\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe "C:\Users\Admin\AppData\Local\Temp\b96c1bb99ce85767a54b19cffc1a155dd91d252cd69999303e4f31b99d6a2cdc.dll",DllRegisterServer
3⤵
PID:3204

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...