Analysis
-
max time kernel
118s -
max time network
145s -
platform
windows10_x64 -
resource
win10-en-20211014 -
submitted
01-11-2021 23:10
General
-
Target
1fb8a2e53470ab81629bb7abeda6211ad814bbc3038f8abf001e8b3f21fc14ec.dll
-
Size
2.5MB
-
MD5
f87f5ddd8086130c876d84396ae61d16
-
SHA1
c2a0e84fa60dfc54c02b162462b3585a3b12a93d
-
SHA256
1fb8a2e53470ab81629bb7abeda6211ad814bbc3038f8abf001e8b3f21fc14ec
-
SHA512
80f71715f317750e1d4f0b414c40b97cba24bf560c2ba55a5ad4d774b3ddebfe82a2ec4b56baede41abacffcc315cb46995a5f8199bd9acd35654d27b679e519
Score
3/10
Malware Config
Signatures
-
Program crash 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 12 IoCs
-
Suspicious use of AdjustPrivilegeToken 3 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Windows\system32\regsvr32.exeregsvr32 /s C:\Users\Admin\AppData\Local\Temp\1fb8a2e53470ab81629bb7abeda6211ad814bbc3038f8abf001e8b3f21fc14ec.dll1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\regsvr32.exe/s C:\Users\Admin\AppData\Local\Temp\1fb8a2e53470ab81629bb7abeda6211ad814bbc3038f8abf001e8b3f21fc14ec.dll2⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3384 -s 6123⤵
- Program crash
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/3384-116-0x0000000000000000-mapping.dmp
-
memory/3384-117-0x00000000047C0000-0x0000000004A28000-memory.dmpFilesize
2.4MB
-
memory/3384-118-0x0000000002D30000-0x0000000002E7A000-memory.dmpFilesize
1.3MB