e1ad519680cd36967e12db3c7346b2db557bbe5d5f8c6e1af8b28bc3b5d8eca3 | Triage

Analysis

max time kernel
164s
max time network
175s
platform
windows10_x64
resource
win10-en-20211208
submitted
28-01-2022 03:20

Sharing

Report Analysis Logs

General

Target

e1ad519680cd36967e12db3c7346b2db557bbe5d5f8c6e1af8b28bc3b5d8eca3.dll
Size

520KB
MD5

ace963559544ddb9ff871a476a7a3b41
SHA1

27ff03136db6012a2f9c841793144a3e10a7feb6
SHA256

e1ad519680cd36967e12db3c7346b2db557bbe5d5f8c6e1af8b28bc3b5d8eca3
SHA512

8181c8d8da459d1ba68558f232b1cd3790af2cc0021ada87aa153a9f4c266c16df290f3d5d41b556393451c8dcb3688b07b59640b11ca4920d7ad4ede4b351a4

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 6 IoCs

Processes:

regsvr32.exeregsvr32.exe

description	pid	process	target process
PID 2692 wrote to memory of 3924	2692	regsvr32.exe	regsvr32.exe
PID 2692 wrote to memory of 3924	2692	regsvr32.exe	regsvr32.exe
PID 2692 wrote to memory of 3924	2692	regsvr32.exe	regsvr32.exe
PID 3924 wrote to memory of 636	3924	regsvr32.exe	rundll32.exe
PID 3924 wrote to memory of 636	3924	regsvr32.exe	rundll32.exe
PID 3924 wrote to memory of 636	3924	regsvr32.exe	rundll32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\e1ad519680cd36967e12db3c7346b2db557bbe5d5f8c6e1af8b28bc3b5d8eca3.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2692

C:\Windows\SysWOW64\regsvr32.exe
/s C:\Users\Admin\AppData\Local\Temp\e1ad519680cd36967e12db3c7346b2db557bbe5d5f8c6e1af8b28bc3b5d8eca3.dll
2⤵
- Suspicious use of WriteProcessMemory
PID:3924

C:\Windows\SysWOW64\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe "C:\Users\Admin\AppData\Local\Temp\e1ad519680cd36967e12db3c7346b2db557bbe5d5f8c6e1af8b28bc3b5d8eca3.dll",DllRegisterServer
3⤵
PID:636

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...