2e70498aaac61c28dcd487d4e56d1fcf024f7a744bedf92aae208d552da73879 | Triage

Analysis

max time kernel
169s
max time network
187s
platform
windows10_x64
resource
win10-en-20211208
submitted
28-01-2022 03:20

Sharing

Report Analysis Logs

General

Target

2e70498aaac61c28dcd487d4e56d1fcf024f7a744bedf92aae208d552da73879.dll
Size

520KB
MD5

9a30063853039b3ef607e6060c51cde8
SHA1

4977ba98235d09d593e81193e7d74c415fe6b36e
SHA256

2e70498aaac61c28dcd487d4e56d1fcf024f7a744bedf92aae208d552da73879
SHA512

e18af553e76deb4463e22674ac258c10b319f96827fd45f8e7871d0acf286e851f343ed938401399782ca1d34fa5d9bcf82dec5d645e86ec787d32e149f8cf1b

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 6 IoCs

Processes:

regsvr32.exeregsvr32.exe

description	pid	process	target process
PID 3116 wrote to memory of 436	3116	regsvr32.exe	regsvr32.exe
PID 3116 wrote to memory of 436	3116	regsvr32.exe	regsvr32.exe
PID 3116 wrote to memory of 436	3116	regsvr32.exe	regsvr32.exe
PID 436 wrote to memory of 3460	436	regsvr32.exe	rundll32.exe
PID 436 wrote to memory of 3460	436	regsvr32.exe	rundll32.exe
PID 436 wrote to memory of 3460	436	regsvr32.exe	rundll32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\2e70498aaac61c28dcd487d4e56d1fcf024f7a744bedf92aae208d552da73879.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:3116

C:\Windows\SysWOW64\regsvr32.exe
/s C:\Users\Admin\AppData\Local\Temp\2e70498aaac61c28dcd487d4e56d1fcf024f7a744bedf92aae208d552da73879.dll
2⤵
- Suspicious use of WriteProcessMemory
PID:436

C:\Windows\SysWOW64\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe "C:\Users\Admin\AppData\Local\Temp\2e70498aaac61c28dcd487d4e56d1fcf024f7a744bedf92aae208d552da73879.dll",DllRegisterServer
3⤵
PID:3460

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...