17604fe7ff6c1bd42222c0a23a0e1b73389d28bfc005fb486fed045a4981e947 | Triage

Analysis

max time kernel
130s
max time network
183s
platform
windows10_x64
resource
win10-en-20211208
submitted
28-01-2022 03:20

Sharing

Report Analysis Logs

General

Target

17604fe7ff6c1bd42222c0a23a0e1b73389d28bfc005fb486fed045a4981e947.dll
Size

512KB
MD5

50f01c52808e086a1fd18a81cad54116
SHA1

4c69f6bdf12b6585d8f83677f0e700cceaadabdf
SHA256

17604fe7ff6c1bd42222c0a23a0e1b73389d28bfc005fb486fed045a4981e947
SHA512

53a6ad9f4637d7bd5436163ef9602bda46566d100bc5e259d697ab8fbc576a0624b01933c9db4054e25272289c9eea44b0a20ab0270ee94b5942280c18729a37

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 6 IoCs

Processes:

regsvr32.exeregsvr32.exe

description	pid	process	target process
PID 3100 wrote to memory of 3952	3100	regsvr32.exe	regsvr32.exe
PID 3100 wrote to memory of 3952	3100	regsvr32.exe	regsvr32.exe
PID 3100 wrote to memory of 3952	3100	regsvr32.exe	regsvr32.exe
PID 3952 wrote to memory of 2424	3952	regsvr32.exe	rundll32.exe
PID 3952 wrote to memory of 2424	3952	regsvr32.exe	rundll32.exe
PID 3952 wrote to memory of 2424	3952	regsvr32.exe	rundll32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\17604fe7ff6c1bd42222c0a23a0e1b73389d28bfc005fb486fed045a4981e947.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:3100

C:\Windows\SysWOW64\regsvr32.exe
/s C:\Users\Admin\AppData\Local\Temp\17604fe7ff6c1bd42222c0a23a0e1b73389d28bfc005fb486fed045a4981e947.dll
2⤵
- Suspicious use of WriteProcessMemory
PID:3952

C:\Windows\SysWOW64\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17604fe7ff6c1bd42222c0a23a0e1b73389d28bfc005fb486fed045a4981e947.dll",DllRegisterServer
3⤵
PID:2424

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...