630c098ef8211c05e0e68008bcbed6e4402e580e9538817b56084dc301954426 | Triage

Analysis

max time kernel
10s
max time network
10s
platform
windows10-2004_x64
resource
win10v2004-en-20220113
submitted
01-02-2022 10:15

Sharing

Report Analysis Logs

General

Target

630c098ef8211c05e0e68008bcbed6e4402e580e9538817b56084dc301954426.dll
Size

238KB
MD5

066f72a55a261f84c8c22bb1a18309e3
SHA1

144cf2e0dde280f287b0b4e634c31c12590e74c3
SHA256

630c098ef8211c05e0e68008bcbed6e4402e580e9538817b56084dc301954426
SHA512

52a9f9e86f5a99117e4d83435553a4dfc49192bef701900dbb01b6eda3b73a286be13378d549b5a7b7c0e75bba1932e20019dfefcbdce4ab023a005698951197

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

regsvr32.exe

description	pid	process	target process
PID 3808 wrote to memory of 4576	3808	regsvr32.exe	regsvr32.exe
PID 3808 wrote to memory of 4576	3808	regsvr32.exe	regsvr32.exe
PID 3808 wrote to memory of 4576	3808	regsvr32.exe	regsvr32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\630c098ef8211c05e0e68008bcbed6e4402e580e9538817b56084dc301954426.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:3808

C:\Windows\SysWOW64\regsvr32.exe
/s C:\Users\Admin\AppData\Local\Temp\630c098ef8211c05e0e68008bcbed6e4402e580e9538817b56084dc301954426.dll
2⤵
PID:4576

C:\Windows\System32\WaaSMedicAgent.exe
C:\Windows\System32\WaaSMedicAgent.exe e68f09c94ad63cf0922f22a80aa3dac4 cf8gre/zKEWJTDzlkaynQg.0.1.0.0.0
1⤵
PID:4828

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4576-130-0x0000000000400000-0x0000000000445000-memory.dmp

Filesize
276KB

Download