b38cb56d6072ce961d718765929f84b0fbcea0b8da2090516fd1f065f60884ba | Triage

Analysis

max time kernel
162s
max time network
180s
platform
windows10_x64
resource
win10-en-20211208
submitted
31-01-2022 17:06

Sharing

Report Analysis Logs

General

Target

b38cb56d6072ce961d718765929f84b0fbcea0b8da2090516fd1f065f60884ba.dll
Size

412KB
MD5

13fa7edb5394d91d155cbb8048b456aa
SHA1

7a4d2558258fa4eddc03866bef8ea2f4536ad0b3
SHA256

b38cb56d6072ce961d718765929f84b0fbcea0b8da2090516fd1f065f60884ba
SHA512

ab4afd20538fd67cc29b8b557e9755851694cd6be6c2a1117152ed3e2ccc3e4f3773550ca297d919e659ab540c513ec96fb8cdd697c651440315b0aefc9ebf62

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 6 IoCs

Processes:

regsvr32.exeregsvr32.exe

description	pid	process	target process
PID 2548 wrote to memory of 1200	2548	regsvr32.exe	regsvr32.exe
PID 2548 wrote to memory of 1200	2548	regsvr32.exe	regsvr32.exe
PID 2548 wrote to memory of 1200	2548	regsvr32.exe	regsvr32.exe
PID 1200 wrote to memory of 2836	1200	regsvr32.exe	rundll32.exe
PID 1200 wrote to memory of 2836	1200	regsvr32.exe	rundll32.exe
PID 1200 wrote to memory of 2836	1200	regsvr32.exe	rundll32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\b38cb56d6072ce961d718765929f84b0fbcea0b8da2090516fd1f065f60884ba.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2548

C:\Windows\SysWOW64\regsvr32.exe
/s C:\Users\Admin\AppData\Local\Temp\b38cb56d6072ce961d718765929f84b0fbcea0b8da2090516fd1f065f60884ba.dll
2⤵
- Suspicious use of WriteProcessMemory
PID:1200

C:\Windows\SysWOW64\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe "C:\Users\Admin\AppData\Local\Temp\b38cb56d6072ce961d718765929f84b0fbcea0b8da2090516fd1f065f60884ba.dll",DllRegisterServer
3⤵
PID:2836

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads