a654dbed7f65e6e6b8830e42b137fd85ddce872dc29ca006e8f7653f0aadcac7 | Triage

Analysis

max time kernel
20s
max time network
9s
platform
windows10-2004_x64
resource
win10v2004-en-20220113
submitted
01-02-2022 09:33

Sharing

Report Analysis Logs

General

Target

a654dbed7f65e6e6b8830e42b137fd85ddce872dc29ca006e8f7653f0aadcac7.dll
Size

282KB
MD5

4ab63b8e79b2a85bb9b9a18ee09e189c
SHA1

3e963c93377eb02aedd4f5d307445896fe82a290
SHA256

a654dbed7f65e6e6b8830e42b137fd85ddce872dc29ca006e8f7653f0aadcac7
SHA512

4f3b3fbf69a4d401332dcc6bd9312861e169e88b106ea5e4e3cb431758ac080ffa5617ea1876709451c11aa296d33f4d33ce0b19092414aeea3ae423cd4e0f1d

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

regsvr32.exe

description	pid	process	target process
PID 396 wrote to memory of 1364	396	regsvr32.exe	regsvr32.exe
PID 396 wrote to memory of 1364	396	regsvr32.exe	regsvr32.exe
PID 396 wrote to memory of 1364	396	regsvr32.exe	regsvr32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\a654dbed7f65e6e6b8830e42b137fd85ddce872dc29ca006e8f7653f0aadcac7.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:396

C:\Windows\SysWOW64\regsvr32.exe
/s C:\Users\Admin\AppData\Local\Temp\a654dbed7f65e6e6b8830e42b137fd85ddce872dc29ca006e8f7653f0aadcac7.dll
2⤵
PID:1364

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...