Resubmissions
21-10-2021 10:35
211021-mmmglaback 1020-10-2021 19:12
211020-xwr4jshed7 1020-10-2021 17:12
211020-vqvldaacdj 10Analysis
-
max time kernel
307s -
max time network
839s -
platform
windows10_x64 -
resource
win10-en-20211014 -
submitted
21-10-2021 10:35
General
-
Target
Documents.tmp.dll
-
Size
1.7MB
-
MD5
133f935f9bc1c919af18db30f9db657d
-
SHA1
afb6253e491e109ebe2445ab4935f37120420b5c
-
SHA256
0648bdad8a597280f65f4db2448ba1524d6508841933156f4dfef9d1fe2e5075
-
SHA512
5d0c5f6ca0b28253a3537c11cfc7f5a72e417c4b4607a148dfa770c307466e81058f56b7ad67cb32761442cda0d720ea23281b41b4979f545ceff5041327cd04
Score
3/10
Malware Config
Signatures
-
Program crash 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 12 IoCs
-
Suspicious use of AdjustPrivilegeToken 3 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Windows\system32\regsvr32.exeregsvr32 /s C:\Users\Admin\AppData\Local\Temp\Documents.tmp.dll1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\regsvr32.exe/s C:\Users\Admin\AppData\Local\Temp\Documents.tmp.dll2⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2756 -s 6163⤵
- Program crash
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/2756-115-0x0000000000000000-mapping.dmp
-
memory/2756-116-0x00000000043C0000-0x0000000004628000-memory.dmpFilesize
2.4MB
-
memory/2756-117-0x0000000002990000-0x0000000002ADA000-memory.dmpFilesize
1.3MB