783647fed4651c34930a2bd1aa9b2d1431ca8d7e9838d83d8667a06fece1239c | Triage

Analysis

max time kernel
125s
max time network
191s
platform
windows10_x64
resource
win10-en-20211208
submitted
28-01-2022 03:20

Sharing

Report Analysis Logs

General

Target

783647fed4651c34930a2bd1aa9b2d1431ca8d7e9838d83d8667a06fece1239c.dll
Size

520KB
MD5

daa3be7565c8ccf4d9d65dd345f866c9
SHA1

73b8c09d8a21811b5714726ef74f626c9e22fb12
SHA256

783647fed4651c34930a2bd1aa9b2d1431ca8d7e9838d83d8667a06fece1239c
SHA512

c282c8c370d7ab85b9841687d720175998c56a7c01542e4300a07ef4537c16d62851a0c7d8befe52c5694d25a1b69bd3662f3147b4258f1bfe5cd7c908659ed6

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 6 IoCs

Processes:

regsvr32.exeregsvr32.exe

description	pid	process	target process
PID 3692 wrote to memory of 2992	3692	regsvr32.exe	regsvr32.exe
PID 3692 wrote to memory of 2992	3692	regsvr32.exe	regsvr32.exe
PID 3692 wrote to memory of 2992	3692	regsvr32.exe	regsvr32.exe
PID 2992 wrote to memory of 652	2992	regsvr32.exe	rundll32.exe
PID 2992 wrote to memory of 652	2992	regsvr32.exe	rundll32.exe
PID 2992 wrote to memory of 652	2992	regsvr32.exe	rundll32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\783647fed4651c34930a2bd1aa9b2d1431ca8d7e9838d83d8667a06fece1239c.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:3692

C:\Windows\SysWOW64\regsvr32.exe
/s C:\Users\Admin\AppData\Local\Temp\783647fed4651c34930a2bd1aa9b2d1431ca8d7e9838d83d8667a06fece1239c.dll
2⤵
- Suspicious use of WriteProcessMemory
PID:2992

C:\Windows\SysWOW64\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe "C:\Users\Admin\AppData\Local\Temp\783647fed4651c34930a2bd1aa9b2d1431ca8d7e9838d83d8667a06fece1239c.dll",DllRegisterServer
3⤵
PID:652

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...