08e76621ad1057bb2445b77b998ffb0f4dc17e5aba1fbacb159cd99409fca884 | Triage

Analysis

max time kernel
183s
max time network
195s
platform
windows10_x64
resource
win10-en-20211208
submitted
28-01-2022 03:20

Sharing

Report Analysis Logs

General

Target

08e76621ad1057bb2445b77b998ffb0f4dc17e5aba1fbacb159cd99409fca884.dll
Size

520KB
MD5

6aa457085eab418191efa9e832218c88
SHA1

6ce9ee7ae73c810448d8032d517f2c6fc9cd05b3
SHA256

08e76621ad1057bb2445b77b998ffb0f4dc17e5aba1fbacb159cd99409fca884
SHA512

d4938bc21f45a3c76e82fa8b27916eee65be97a61ff75624d606bb6d68e52af22f6927e721e11794fbfabb61006cd48c708f798845bdc9962ebf626bdd4f2a11

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 6 IoCs

Processes:

regsvr32.exeregsvr32.exe

description	pid	process	target process
PID 4044 wrote to memory of 4088	4044	regsvr32.exe	regsvr32.exe
PID 4044 wrote to memory of 4088	4044	regsvr32.exe	regsvr32.exe
PID 4044 wrote to memory of 4088	4044	regsvr32.exe	regsvr32.exe
PID 4088 wrote to memory of 4324	4088	regsvr32.exe	rundll32.exe
PID 4088 wrote to memory of 4324	4088	regsvr32.exe	rundll32.exe
PID 4088 wrote to memory of 4324	4088	regsvr32.exe	rundll32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\08e76621ad1057bb2445b77b998ffb0f4dc17e5aba1fbacb159cd99409fca884.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:4044

C:\Windows\SysWOW64\regsvr32.exe
/s C:\Users\Admin\AppData\Local\Temp\08e76621ad1057bb2445b77b998ffb0f4dc17e5aba1fbacb159cd99409fca884.dll
2⤵
- Suspicious use of WriteProcessMemory
PID:4088

C:\Windows\SysWOW64\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe "C:\Users\Admin\AppData\Local\Temp\08e76621ad1057bb2445b77b998ffb0f4dc17e5aba1fbacb159cd99409fca884.dll",DllRegisterServer
3⤵
PID:4324

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...