af981f6a7174d7d39429c50eb54dae5702e6e4ac307ccdf30e7efb7606787051 | Triage

Analysis

max time kernel
145s
max time network
181s
platform
windows10_x64
resource
win10-en-20211208
submitted
28-01-2022 03:20

Sharing

Report Analysis Logs

General

Target

af981f6a7174d7d39429c50eb54dae5702e6e4ac307ccdf30e7efb7606787051.dll
Size

520KB
MD5

5a61b5e9f59a004736ef781c52511efd
SHA1

120d22420c03a836540dce8830c1566f84136e56
SHA256

af981f6a7174d7d39429c50eb54dae5702e6e4ac307ccdf30e7efb7606787051
SHA512

5eee2feb7beaa8f5d96065f729aa970a76318e0dc5dd5694752ece723681ef8a4dc4273a1c7e9143b30f158a6f5a81d1e72e4aa92953bc533df19dcd3eb348ea

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 6 IoCs

Processes:

regsvr32.exeregsvr32.exe

description	pid	process	target process
PID 960 wrote to memory of 1980	960	regsvr32.exe	regsvr32.exe
PID 960 wrote to memory of 1980	960	regsvr32.exe	regsvr32.exe
PID 960 wrote to memory of 1980	960	regsvr32.exe	regsvr32.exe
PID 1980 wrote to memory of 432	1980	regsvr32.exe	rundll32.exe
PID 1980 wrote to memory of 432	1980	regsvr32.exe	rundll32.exe
PID 1980 wrote to memory of 432	1980	regsvr32.exe	rundll32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\af981f6a7174d7d39429c50eb54dae5702e6e4ac307ccdf30e7efb7606787051.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:960

C:\Windows\SysWOW64\regsvr32.exe
/s C:\Users\Admin\AppData\Local\Temp\af981f6a7174d7d39429c50eb54dae5702e6e4ac307ccdf30e7efb7606787051.dll
2⤵
- Suspicious use of WriteProcessMemory
PID:1980

C:\Windows\SysWOW64\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe "C:\Users\Admin\AppData\Local\Temp\af981f6a7174d7d39429c50eb54dae5702e6e4ac307ccdf30e7efb7606787051.dll",DllRegisterServer
3⤵
PID:432

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...