55162db461c59a1d05ac7cac91c9a1048b059cc4c36497abc40a46fddef41cee | Triage

Analysis

max time kernel
120s
max time network
158s
platform
windows10_x64
resource
win10-en-20211208
submitted
28-01-2022 03:20

Sharing

Report Analysis Logs

General

Target

55162db461c59a1d05ac7cac91c9a1048b059cc4c36497abc40a46fddef41cee.dll
Size

520KB
MD5

2239a8329f5b13450d604a1db1715a7e
SHA1

d9799ff76b7c8c196e6b84a0ddb7c9c2c07ea67f
SHA256

55162db461c59a1d05ac7cac91c9a1048b059cc4c36497abc40a46fddef41cee
SHA512

9cd971cfe0e6a98ac03b0169328c19e953a4e7695ea0a051aaf9bbde05701b9aada8af0eb4857ef62b096a17baee794f234a852db9ffc955a5f8e5b459764117

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 6 IoCs

Processes:

regsvr32.exeregsvr32.exe

description	pid	process	target process
PID 3780 wrote to memory of 4000	3780	regsvr32.exe	regsvr32.exe
PID 3780 wrote to memory of 4000	3780	regsvr32.exe	regsvr32.exe
PID 3780 wrote to memory of 4000	3780	regsvr32.exe	regsvr32.exe
PID 4000 wrote to memory of 4036	4000	regsvr32.exe	rundll32.exe
PID 4000 wrote to memory of 4036	4000	regsvr32.exe	rundll32.exe
PID 4000 wrote to memory of 4036	4000	regsvr32.exe	rundll32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\55162db461c59a1d05ac7cac91c9a1048b059cc4c36497abc40a46fddef41cee.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:3780

C:\Windows\SysWOW64\regsvr32.exe
/s C:\Users\Admin\AppData\Local\Temp\55162db461c59a1d05ac7cac91c9a1048b059cc4c36497abc40a46fddef41cee.dll
2⤵
- Suspicious use of WriteProcessMemory
PID:4000

C:\Windows\SysWOW64\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe "C:\Users\Admin\AppData\Local\Temp\55162db461c59a1d05ac7cac91c9a1048b059cc4c36497abc40a46fddef41cee.dll",DllRegisterServer
3⤵
PID:4036

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...