dfa44697ec833ad6e15dbb1f0aa9e443ae591d4b8f777e08c997ddcc031ec165

General

Target

12d88935437064d8478bc4adec0c0042fb73da774905004c7de55e559729e15c.dll
Size

170KB
MD5

eee617806c18710e8635615de6297834
SHA1

a629961de369fac6e25b2846bc06df4997a47669
SHA256

12d88935437064d8478bc4adec0c0042fb73da774905004c7de55e559729e15c
SHA512

93c9faa68616b9fa6141997f93f93279dbd62cf4e0518c37b0692352661c982a7bc5b698bed732ae35e29c56e5edd6c18a5dc48791d8103efae3d849d1db41bf

Score

1^/10

Malware Config

Signatures

Runs net.exe

Suspicious use of WriteProcessMemory 24 IoCs

Processes:

regsvr32.execmd.exenet.execmd.exenet.exe

description	pid	process	target process
PID 1424 wrote to memory of 1376	1424	regsvr32.exe	cmd.exe
PID 1424 wrote to memory of 1376	1424	regsvr32.exe	cmd.exe
PID 1424 wrote to memory of 1376	1424	regsvr32.exe	cmd.exe
PID 1424 wrote to memory of 1760	1424	regsvr32.exe	cmd.exe
PID 1424 wrote to memory of 1760	1424	regsvr32.exe	cmd.exe
PID 1424 wrote to memory of 1760	1424	regsvr32.exe	cmd.exe
PID 1424 wrote to memory of 2020	1424	regsvr32.exe	cmd.exe
PID 1424 wrote to memory of 2020	1424	regsvr32.exe	cmd.exe
PID 1424 wrote to memory of 2020	1424	regsvr32.exe	cmd.exe
PID 2020 wrote to memory of 1716	2020	cmd.exe	net.exe
PID 2020 wrote to memory of 1716	2020	cmd.exe	net.exe
PID 2020 wrote to memory of 1716	2020	cmd.exe	net.exe
PID 1716 wrote to memory of 544	1716	net.exe	net1.exe
PID 1716 wrote to memory of 544	1716	net.exe	net1.exe
PID 1716 wrote to memory of 544	1716	net.exe	net1.exe
PID 1424 wrote to memory of 548	1424	regsvr32.exe	cmd.exe
PID 1424 wrote to memory of 548	1424	regsvr32.exe	cmd.exe
PID 1424 wrote to memory of 548	1424	regsvr32.exe	cmd.exe
PID 548 wrote to memory of 1536	548	cmd.exe	net.exe
PID 548 wrote to memory of 1536	548	cmd.exe	net.exe
PID 548 wrote to memory of 1536	548	cmd.exe	net.exe
PID 1536 wrote to memory of 1404	1536	net.exe	net1.exe
PID 1536 wrote to memory of 1404	1536	net.exe	net1.exe
PID 1536 wrote to memory of 1404	1536	net.exe	net1.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\12d88935437064d8478bc4adec0c0042fb73da774905004c7de55e559729e15c.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:1424

C:\Windows\system32\cmd.exe
cmd /c "echo Commands" >> C:\Users\Admin\AppData\Local\Temp\F3EC.tmp
2⤵
PID:1376

C:\Windows\system32\cmd.exe
cmd /c "dir" >> C:\Users\Admin\AppData\Local\Temp\F3EC.tmp
2⤵
PID:1760

C:\Windows\system32\cmd.exe
cmd /c "net session" >> C:\Users\Admin\AppData\Local\Temp\ACA8.tmp
2⤵
- Suspicious use of WriteProcessMemory
PID:2020

C:\Windows\system32\net.exe
net session
3⤵
- Suspicious use of WriteProcessMemory
PID:1716

C:\Windows\system32\net1.exe
C:\Windows\system32\net1 session
4⤵
PID:544

C:\Windows\system32\cmd.exe
cmd /c "net group "domain computers" /domain" >> C:\Users\Admin\AppData\Local\Temp\C138.tmp
2⤵
- Suspicious use of WriteProcessMemory
PID:548

C:\Windows\system32\net.exe
net group "domain computers" /domain
3⤵
- Suspicious use of WriteProcessMemory
PID:1536

C:\Windows\system32\net1.exe
C:\Windows\system32\net1 group "domain computers" /domain
4⤵
PID:1404

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\ACA8.tmp
Filesize
37B

MD5
768165e0abf16bf3056836d5431a7296

SHA1
9fb3196be60e49bfc319ebd9e0b103954d711e34

SHA256
b44c505b721e93e2a596577018cc65b993cd632b9fe7620a4b3db54031afff5d

SHA512
1250ec40ba20f39a5b9a3aafd45c63cb6f1bf48b89acce1f885470c936fb48a803081943c68458ba1adce92d5fe79d3e45682285f56ecb29884d41974269992d

Download Submit
C:\Users\Admin\AppData\Local\Temp\C138.tmp
Filesize
78B

MD5
aaec14b2de8e2fdaf8427672122af65c

SHA1
ca953efad669c93af85b968d747baa544d4465fb

SHA256
14c94c44d0eb89a820d96e1791f4b754c87ee778b5f4478289df0fb22e1c3da1

SHA512
a5cbad3de5070fdcd6aa7f3f5eda42b69faef44a431cf48e20ca1f4f42c648ee80bd5f1d9b981624ae6b39e2435b4278c9fd1e97491e3b244a2bba7d629021a8

Download Submit
C:\Users\Admin\AppData\Local\Temp\F3EC.tmp
Filesize
173B

MD5
4238c7765eb98cb16a21826e4e6d8a38

SHA1
6919072e7bfaed6070c400a4c20f8982282c3892

SHA256
5298588ade49f2bcb81b187e91d9bbed99a661ad8790f78c2afbaed4287788fd

SHA512
cc2c6d714dfe7b4472c680a7eea1c40ded5bea7b3aa2891accba611da812481f8b5ebb7273d0fd99312878b44ee68aa47a3acfc88d7d62ee8d4aaa03b8133496

Download Submit
C:\Users\Admin\AppData\Local\Temp\F3EC.tmp
Filesize
3KB

MD5
3f4740b2bafb7cdf1c61a79afa434edf

SHA1
5fdcd7b47e674a0196d74d2a102546c90faa8b34

SHA256
f6109e78cf761be5dea67063af4b48e75cab2386cec839cc5259316fde5d1a32

SHA512
3e3d3501f430e822e237f752ce91f2d8f5d59fba4459e9f9338894d26ea7f7eb95f72a6b0ce15585576de34dc30e50bf7c0395fa4b0389e70c0cf6fe0462292c

Download Submit
memory/544-64-0x0000000000000000-mapping.dmp

Download
memory/548-66-0x0000000000000000-mapping.dmp

Download
memory/1376-58-0x0000000000000000-mapping.dmp

Download
memory/1404-68-0x0000000000000000-mapping.dmp

Download
memory/1424-54-0x000007FEFBFF1000-0x000007FEFBFF3000-memory.dmp

Filesize
8KB

Download
memory/1424-57-0x00000000002B0000-0x00000000002C3000-memory.dmp

Filesize
76KB

Download
memory/1424-55-0x00000000002B0000-0x00000000002C3000-memory.dmp

Filesize
76KB

Download
memory/1536-67-0x0000000000000000-mapping.dmp

Download
memory/1716-63-0x0000000000000000-mapping.dmp

Download
memory/1760-59-0x0000000000000000-mapping.dmp

Download
memory/2020-62-0x0000000000000000-mapping.dmp

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads