9b2cd94c1f2989047ac3588c74d4324502dd6dca31314eb9a8c48dda93bab41b | Triage

Resubmissions

11-04-2022 11:00

220411-m38d1ahaf9 3

11-04-2022 10:57

220411-m2k73sdhdq 3

Analysis

max time kernel
1s
platform
windows10_x64
resource
win10-20220223-en
submitted
11-04-2022 11:00

Sharing

Report Analysis Logs

General

Target

lib/elevated.dll
Size

211KB
MD5

852cad9d8043b764e953e1d93df22b45
SHA1

f3ff1e36f8055acb634238ada2d2b085036c409b
SHA256

dab482fe4470073b051ee3dfff8bf852dfa74b3d784009476974c0f72729a35d
SHA512

438b6fd2b5969a97a449a66ea1f11fca414189158ac4ece2eea78f96a8d6954c30a0dc99d371bdf9b886b9b94a45c883acf339391997d2705529652efd099cb7

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

regsvr32.exe

description	pid	process	target process
PID 3120 wrote to memory of 2456	3120	regsvr32.exe	regsvr32.exe
PID 3120 wrote to memory of 2456	3120	regsvr32.exe	regsvr32.exe
PID 3120 wrote to memory of 2456	3120	regsvr32.exe	regsvr32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\lib\elevated.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:3120

C:\Windows\SysWOW64\regsvr32.exe
/s C:\Users\Admin\AppData\Local\Temp\lib\elevated.dll
2⤵
PID:2456

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2456-114-0x0000000000000000-mapping.dmp

Download