004c053afed2ca3079d0a96093fc9fbe0bbc71de81cc4fe7f35c13716265a33c | Triage

Analysis

max time kernel
119s
max time network
159s
platform
windows10_x64
resource
win10-en-20211208
submitted
28-01-2022 03:20

Sharing

Report Analysis Logs

General

Target

004c053afed2ca3079d0a96093fc9fbe0bbc71de81cc4fe7f35c13716265a33c.dll
Size

520KB
MD5

0061116bc43ed4f424fb1033cff69f95
SHA1

0aa355a104bd3b8f9ebda2c29855ee47fbc2fb9c
SHA256

004c053afed2ca3079d0a96093fc9fbe0bbc71de81cc4fe7f35c13716265a33c
SHA512

77ee47cc8d16c8acd80e971838d7503b5b9482fd0d69550bf23fc185a70b509e828e9282f99205114696fc36005779d6cda91785529f6402b5073ef585a5f306

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 6 IoCs

Processes:

regsvr32.exeregsvr32.exe

description	pid	process	target process
PID 2396 wrote to memory of 1520	2396	regsvr32.exe	regsvr32.exe
PID 2396 wrote to memory of 1520	2396	regsvr32.exe	regsvr32.exe
PID 2396 wrote to memory of 1520	2396	regsvr32.exe	regsvr32.exe
PID 1520 wrote to memory of 2216	1520	regsvr32.exe	rundll32.exe
PID 1520 wrote to memory of 2216	1520	regsvr32.exe	rundll32.exe
PID 1520 wrote to memory of 2216	1520	regsvr32.exe	rundll32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\004c053afed2ca3079d0a96093fc9fbe0bbc71de81cc4fe7f35c13716265a33c.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2396

C:\Windows\SysWOW64\regsvr32.exe
/s C:\Users\Admin\AppData\Local\Temp\004c053afed2ca3079d0a96093fc9fbe0bbc71de81cc4fe7f35c13716265a33c.dll
2⤵
- Suspicious use of WriteProcessMemory
PID:1520

C:\Windows\SysWOW64\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe "C:\Users\Admin\AppData\Local\Temp\004c053afed2ca3079d0a96093fc9fbe0bbc71de81cc4fe7f35c13716265a33c.dll",DllRegisterServer
3⤵
PID:2216

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...