c0d1b128ae46de346679a6cf4d332514e363d0ce74dc3b56851df59ebd4d0f85 | Triage

Analysis

max time kernel
164s
max time network
184s
platform
windows10_x64
resource
win10-en-20211208
submitted
28-01-2022 03:20

Sharing

Report Analysis Logs

General

Target

c0d1b128ae46de346679a6cf4d332514e363d0ce74dc3b56851df59ebd4d0f85.dll
Size

512KB
MD5

f4796f0fba9f4a3e754c21faf192457d
SHA1

81c881fa83040bd84b98f37ecd40cf3f282b1754
SHA256

c0d1b128ae46de346679a6cf4d332514e363d0ce74dc3b56851df59ebd4d0f85
SHA512

6ef8f752651462683e17e7a7bc079ae6b2cf19e5abbf104cf8b4d645847f7608f340a4d49a6267150f23d519e9c9a38bec2d3001f00ab5e4f090811e9292c44b

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 6 IoCs

Processes:

regsvr32.exeregsvr32.exe

description	pid	process	target process
PID 2260 wrote to memory of 3852	2260	regsvr32.exe	regsvr32.exe
PID 2260 wrote to memory of 3852	2260	regsvr32.exe	regsvr32.exe
PID 2260 wrote to memory of 3852	2260	regsvr32.exe	regsvr32.exe
PID 3852 wrote to memory of 1188	3852	regsvr32.exe	rundll32.exe
PID 3852 wrote to memory of 1188	3852	regsvr32.exe	rundll32.exe
PID 3852 wrote to memory of 1188	3852	regsvr32.exe	rundll32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\c0d1b128ae46de346679a6cf4d332514e363d0ce74dc3b56851df59ebd4d0f85.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2260

C:\Windows\SysWOW64\regsvr32.exe
/s C:\Users\Admin\AppData\Local\Temp\c0d1b128ae46de346679a6cf4d332514e363d0ce74dc3b56851df59ebd4d0f85.dll
2⤵
- Suspicious use of WriteProcessMemory
PID:3852

C:\Windows\SysWOW64\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe "C:\Users\Admin\AppData\Local\Temp\c0d1b128ae46de346679a6cf4d332514e363d0ce74dc3b56851df59ebd4d0f85.dll",DllRegisterServer
3⤵
PID:1188

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...