Analysis
max time kernel
312s
max time network
362s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags
arch:x64, arch:x86, image:win10v2004-20221111-en, locale:en-us, os:windows10-2004-x64, system
submitted
26-11-2022 04:18
Behavioral task
behavioral1
Sample
dc0c8347ab188abd5a946b4f736412b4ff9e246a2c3015f7707e7cf32754f030.dll
Resource
win7-20221111-en
1 signatures
150 seconds
Behavioral task
behavioral2
Sample
dc0c8347ab188abd5a946b4f736412b4ff9e246a2c3015f7707e7cf32754f030.dll
Resource
win10v2004-20221111-en
1 signatures
150 seconds
General
Target
dc0c8347ab188abd5a946b4f736412b4ff9e246a2c3015f7707e7cf32754f030.dll
Size
136KB
MD5
727037421b12339457ffe41cba3000ef
SHA1
5b67a6a44e71fac0d94e2b422e7136e7db64cef1
SHA256
dc0c8347ab188abd5a946b4f736412b4ff9e246a2c3015f7707e7cf32754f030
SHA512
d60efe53e3d57be396a0149debc6bb80cc07ec0835f6fabffff5586a7edb3f999ecbbc8cfb41cc6d5fbf83883b83fd207aa90834455d025985f16e497665c950
SSDEEP
3072:B6ptVlj+ozm4Xu11OWT2yNZscdmxU8R0X7rNtP4I3g5CaUs4t4cQ/+:asTOWT2yNZsrv0X7rr5g
Score
1/10
Malware Config
Signatures
Suspicious use of WriteProcessMemory 3 IoCs
Processes: regsvr32.exe
description | pid | process | target process
PID 2280 wrote to memory of 3996 | 2280 | regsvr32.exe | regsvr32.exe
PID 2280 wrote to memory of 3996 | 2280 | regsvr32.exe | regsvr32.exe
PID 2280 wrote to memory of 3996 | 2280 | regsvr32.exe | regsvr32.exe
Processes
C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\dc0c8347ab188abd5a946b4f736412b4ff9e246a2c3015f7707e7cf32754f030.dll
- Suspicious use of WriteProcessMemory
    C:\Windows\SysWOW64\regsvr32.exe
    /s C:\Users\Admin\AppData\Local\Temp\dc0c8347ab188abd5a946b4f736412b4ff9e246a2c3015f7707e7cf32754f030.dll
Network
MITRE ATT&CK Matrix
Downloads
memory/3996-132-0x0000000000000000-mapping.dmp