a7452bee2fa333c9e92360264e1827ff6e58378d9a4ac8dbf5980966b189ffa4 | Triage

Analysis

max time kernel
182s
max time network
201s
platform
windows10_x64
resource
win10-en-20211208
submitted
28-01-2022 03:20

Sharing

Report Analysis Logs

General

Target

a7452bee2fa333c9e92360264e1827ff6e58378d9a4ac8dbf5980966b189ffa4.dll
Size

512KB
MD5

a4bb0dc7c8192301f368e0304b5c2ba0
SHA1

fba3864676b61db6167b858c3ced47590754274f
SHA256

a7452bee2fa333c9e92360264e1827ff6e58378d9a4ac8dbf5980966b189ffa4
SHA512

b3e9f54dd2a00c7f34fe2baa0f47cb1151866cc5060d595ef7d9dc151e0f92192b4eb2ee5341834d5870de5da45b36745bea59191f0fa6d603839294cb6e5794

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 6 IoCs

Processes:

regsvr32.exeregsvr32.exe

description	pid	process	target process
PID 640 wrote to memory of 940	640	regsvr32.exe	regsvr32.exe
PID 640 wrote to memory of 940	640	regsvr32.exe	regsvr32.exe
PID 640 wrote to memory of 940	640	regsvr32.exe	regsvr32.exe
PID 940 wrote to memory of 2232	940	regsvr32.exe	rundll32.exe
PID 940 wrote to memory of 2232	940	regsvr32.exe	rundll32.exe
PID 940 wrote to memory of 2232	940	regsvr32.exe	rundll32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\a7452bee2fa333c9e92360264e1827ff6e58378d9a4ac8dbf5980966b189ffa4.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:640

C:\Windows\SysWOW64\regsvr32.exe
/s C:\Users\Admin\AppData\Local\Temp\a7452bee2fa333c9e92360264e1827ff6e58378d9a4ac8dbf5980966b189ffa4.dll
2⤵
- Suspicious use of WriteProcessMemory
PID:940

C:\Windows\SysWOW64\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe "C:\Users\Admin\AppData\Local\Temp\a7452bee2fa333c9e92360264e1827ff6e58378d9a4ac8dbf5980966b189ffa4.dll",DllRegisterServer
3⤵
PID:2232

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...