cb5ba29ef3c3c72f9a3486d3fda1e22cd57a7d7b8133f890404c21f721815684 | Triage

Analysis

max time kernel
121s
max time network
161s
platform
windows10_x64
resource
win10-en-20211208
submitted
28-01-2022 03:20

Sharing

Report Analysis Logs

General

Target

cb5ba29ef3c3c72f9a3486d3fda1e22cd57a7d7b8133f890404c21f721815684.dll
Size

520KB
MD5

4d6c77ddc4794a58ddaa917375fd18bb
SHA1

31a059dd0153e484d6e147e24eeb094ffc545837
SHA256

cb5ba29ef3c3c72f9a3486d3fda1e22cd57a7d7b8133f890404c21f721815684
SHA512

e62b3a00ef462c897db7e96e283b950635b0c6de5d6bb9401f1077f586300ca023cfa599b2255d232e526b0d2ba9897d91ba7bc9aa4b1f2dfba777b5cb1bdd11

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 6 IoCs

Processes:

regsvr32.exeregsvr32.exe

description	pid	process	target process
PID 64 wrote to memory of 3084	64	regsvr32.exe	regsvr32.exe
PID 64 wrote to memory of 3084	64	regsvr32.exe	regsvr32.exe
PID 64 wrote to memory of 3084	64	regsvr32.exe	regsvr32.exe
PID 3084 wrote to memory of 2300	3084	regsvr32.exe	rundll32.exe
PID 3084 wrote to memory of 2300	3084	regsvr32.exe	rundll32.exe
PID 3084 wrote to memory of 2300	3084	regsvr32.exe	rundll32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\cb5ba29ef3c3c72f9a3486d3fda1e22cd57a7d7b8133f890404c21f721815684.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:64

C:\Windows\SysWOW64\regsvr32.exe
/s C:\Users\Admin\AppData\Local\Temp\cb5ba29ef3c3c72f9a3486d3fda1e22cd57a7d7b8133f890404c21f721815684.dll
2⤵
- Suspicious use of WriteProcessMemory
PID:3084

C:\Windows\SysWOW64\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe "C:\Users\Admin\AppData\Local\Temp\cb5ba29ef3c3c72f9a3486d3fda1e22cd57a7d7b8133f890404c21f721815684.dll",DllRegisterServer
3⤵
PID:2300

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...