Analysis
- Max time kernel: 127s
- Max time network: 162s
- Platform: windows10_x64
- Resource: win10-en-20211208
- Submitted: 28-01-2022 03:20
- Static task: static1
General
- Target: ef656da336597caa1047d79fd66703564eca7ee72c28a97e35963bdaf4e127b5.dll
- Size: 520KB
- MD5: 645bf3a71a1a0ff3ebf91c4b28365277
- SHA1: 4f7e0521bded1c8385619b5855267ad1e214ab56
- SHA256: ef656da336597caa1047d79fd66703564eca7ee72c28a97e35963bdaf4e127b5
- SHA512: 40379ca6c27c1d1380dc2d222e1a5c6c9dc4deb89045c7c7a1761a91ccc8454e39c617f7a38a7ca9f04052e14ef69b2603b18d8f6fd6e7a0bf12888279db4b04
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (6 IoCs)
Processes (regsvr32.exe, regsvr32.exe):
| Description                      | PID  | Process      | Target process |
|----------------------------------|------|--------------|----------------|
| PID 3584 wrote to memory of 2020 | 3584 | regsvr32.exe | regsvr32.exe   |
| PID 3584 wrote to memory of 2020 | 3584 | regsvr32.exe | regsvr32.exe   |
| PID 3584 wrote to memory of 2020 | 3584 | regsvr32.exe | regsvr32.exe   |
| PID 2020 wrote to memory of 672  | 2020 | regsvr32.exe | rundll32.exe   |
| PID 2020 wrote to memory of 672  | 2020 | regsvr32.exe | rundll32.exe   |
| PID 2020 wrote to memory of 672  | 2020 | regsvr32.exe | rundll32.exe   |
Processes
- 1: C:\Windows\system32\regsvr32.exe
  Command line: regsvr32 /s C:\Users\Admin\AppData\Local\Temp\ef656da336597caa1047d79fd66703564eca7ee72c28a97e35963bdaf4e127b5.dll
  - Suspicious use of WriteProcessMemory
- 2: C:\Windows\SysWOW64\regsvr32.exe
  Command line: /s C:\Users\Admin\AppData\Local\Temp\ef656da336597caa1047d79fd66703564eca7ee72c28a97e35963bdaf4e127b5.dll
  - Suspicious use of WriteProcessMemory
- 3: C:\Windows\SysWOW64\rundll32.exe
  Command line: C:\Windows\SysWOW64\rundll32.exe "C:\Users\Admin\AppData\Local\Temp\ef656da336597caa1047d79fd66703564eca7ee72c28a97e35963bdaf4e127b5.dll",DllRegisterServer
Network
MITRE ATT&CK Matrix
Downloads
- memory/2020-118-0x00000000049C1000-0x00000000049E4000-memory.dmp (Filesize: 140KB)