19a7e53ecb569e53b441784e688333c00a507dd23fe32ab7cb9b4a08f11f417f | Triage

Analysis

max time kernel
188s
max time network
208s
platform
windows10_x64
resource
win10-en-20211208
submitted
28-01-2022 03:20

Sharing

Report Analysis Logs

General

Target

19a7e53ecb569e53b441784e688333c00a507dd23fe32ab7cb9b4a08f11f417f.dll
Size

512KB
MD5

428574334888fe0c0cceb55823172335
SHA1

87c731a12bc668c259d097e68f9542140ac68cb0
SHA256

19a7e53ecb569e53b441784e688333c00a507dd23fe32ab7cb9b4a08f11f417f
SHA512

84feadf1bf9fa603d1919707ef533ec81ea27284f562c3de47729c9d7a538702206763be41734d357bc91f2a6c5e69c9e4c03fe9a31c1a3854e67a6b25ae63e2

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 6 IoCs

Processes:

regsvr32.exeregsvr32.exe

description	pid	process	target process
PID 632 wrote to memory of 892	632	regsvr32.exe	regsvr32.exe
PID 632 wrote to memory of 892	632	regsvr32.exe	regsvr32.exe
PID 632 wrote to memory of 892	632	regsvr32.exe	regsvr32.exe
PID 892 wrote to memory of 1168	892	regsvr32.exe	rundll32.exe
PID 892 wrote to memory of 1168	892	regsvr32.exe	rundll32.exe
PID 892 wrote to memory of 1168	892	regsvr32.exe	rundll32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\19a7e53ecb569e53b441784e688333c00a507dd23fe32ab7cb9b4a08f11f417f.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:632

C:\Windows\SysWOW64\regsvr32.exe
/s C:\Users\Admin\AppData\Local\Temp\19a7e53ecb569e53b441784e688333c00a507dd23fe32ab7cb9b4a08f11f417f.dll
2⤵
- Suspicious use of WriteProcessMemory
PID:892

C:\Windows\SysWOW64\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe "C:\Users\Admin\AppData\Local\Temp\19a7e53ecb569e53b441784e688333c00a507dd23fe32ab7cb9b4a08f11f417f.dll",DllRegisterServer
3⤵
PID:1168

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...