afb77617a4ca637614c429440c78da438e190dd1ca24dc78483aa731d80832c2

Resubmissions

07-07-2022 11:51

31-01-2022 06:31

Target

afb77617a4ca637614c429440c78da438e190dd1ca24dc78483aa731d80832c2.dll
Size

3.1MB
MD5

7a5324615cbf70bad37c84cefb012e80
SHA1

ebbac85d574144f92e23829bea472f3aa43100fa
SHA256

afb77617a4ca637614c429440c78da438e190dd1ca24dc78483aa731d80832c2
SHA512

2f715f203eae83c448e81c4cbd283638cf5c080dbb607c67a1545e417b4066c8fc23990409e500aa82c77630198d9069a7da45be90f055dd3f46c3be1a4ed2c1

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
512	2724	WerFault.exe	68

Suspicious behavior: EnumeratesProcesses 12 IoCs

Suspicious use of AdjustPrivilegeToken 3 IoCs

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2728 wrote to memory of 2724	2728	regsvr32.exe	68
PID 2728 wrote to memory of 2724	2728	regsvr32.exe	68
PID 2728 wrote to memory of 2724	2728	regsvr32.exe	68

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\afb77617a4ca637614c429440c78da438e190dd1ca24dc78483aa731d80832c2.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2728
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\afb77617a4ca637614c429440c78da438e190dd1ca24dc78483aa731d80832c2.dll
  2⤵
  PID:2724
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2724 -s 660
    3⤵
    - Program crash
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:512