e1dbfbc85b8b435d91e798b5f88f1bbf5d406647b473d89b3d60465e28feba1b

General

Target

1752-55-0x0000000180000000-0x000000018000B000-memory.dll
Size

44KB
MD5

26c5fca101a362c8a0bbeefbf08da798
SHA1

264bca602e7fd7c38045446802d548f4d116c300
SHA256

e1dbfbc85b8b435d91e798b5f88f1bbf5d406647b473d89b3d60465e28feba1b
SHA512

592b414a77519dd7fe344890dca891b4fbb3c6fea0479352deb0be2dcdb320ccbd9e103d573b6fb2837761452907e5f26aaf92d765b0ee858f9de881d60ceb2f

Score

4^/10

Malware Config

Signatures

Drops file in Windows directory 62 IoCs

Processes:

svchost.exe

description	ioc	process
File opened for modification	C:\Windows\SoftwareDistribution\Download\17087e6e4710e63df4fcd8834f70bc99\BIT468C.tmp	svchost.exe
File opened for modification	C:\Windows\SoftwareDistribution\Download\2ef09e08315a593ec3af8ec57ab6a31e\YZBnsYBVNBTl3Isrrjy7P0\BIT9DA5.tmp	svchost.exe
File opened for modification	C:\Windows\SoftwareDistribution\Download\2ef09e08315a593ec3af8ec57ab6a31e\BITA666.tmp	svchost.exe
File opened for modification	C:\Windows\SoftwareDistribution\Download\d1d4bb0c910695f4fcf53d8f91faafa7\BITA172.tmp	svchost.exe
File opened for modification	C:\Windows\SoftwareDistribution\Download\d60cb501610b6a66743c55eade3ef996\BIT3EBA.tmp	svchost.exe
File opened for modification	C:\Windows\SoftwareDistribution\Download\17087e6e4710e63df4fcd8834f70bc99\BIT52E4.tmp	svchost.exe
File opened for modification	C:\Windows\SoftwareDistribution\Download\d60cb501610b6a66743c55eade3ef996\BIT8466.tmp	svchost.exe
File opened for modification	C:\Windows\SoftwareDistribution\Download\9d6172fa1dc41a48846593219fc6519f\Cmn5TH6S2lFFnfMN8MLr2EoNUIAGzQo2UUjHGMEC99A=	svchost.exe
File opened for modification	C:\Windows\SoftwareDistribution\Download\ca4af4339884f7018bf988ecac7702ff\BIT8D35.tmp	svchost.exe
File opened for modification	C:\Windows\SoftwareDistribution\Download\2ef09e08315a593ec3af8ec57ab6a31e\YZBnsYBVNBTl3Isrrjy7P0\FTTOLXxEZk0li+ZNE2Uo=	svchost.exe
File opened for modification	C:\Windows\SoftwareDistribution\Download\7752a73587b3362d505a041fe7f69ecd\BIT8A56.tmp	svchost.exe
File opened for modification	C:\Windows\SoftwareDistribution\Download\cb9f14b7916e97a31f1e53948ed1b67f\c3ca3df6b0660cc02fa0c60992eb1164c186b223	svchost.exe
File opened for modification	C:\Windows\SoftwareDistribution\Download\ca4af4339884f7018bf988ecac7702ff\612ad442b8740f4c57b8c84e6bf465ba4699118c	svchost.exe
File opened for modification	C:\Windows\SoftwareDistribution\Download\ca4af4339884f7018bf988ecac7702ff\BIT8E21.tmp	svchost.exe
File opened for modification	C:\Windows\SoftwareDistribution\Download\d1d4bb0c910695f4fcf53d8f91faafa7\BIT9E14.tmp	svchost.exe
File opened for modification	C:\Windows\SoftwareDistribution\Download\cb9f14b7916e97a31f1e53948ed1b67f\6\BITACA0.tmp	svchost.exe
File opened for modification	C:\Windows\SoftwareDistribution\Download\26794b1631618c81e2caec277357b370\BITBB6D.tmp	svchost.exe
File opened for modification	C:\Windows\SoftwareDistribution\Download\d60cb501610b6a66743c55eade3ef996\CsA9z1\SlUHUPO8bKnA\5ondRmJ90JlkPETuN535TWk=	svchost.exe
File opened for modification	C:\Windows\SoftwareDistribution\Download\17087e6e4710e63df4fcd8834f70bc99\pj5OoD7hJ+dBGy+3XOjLT8WsuYwervv\LZOCjtiHKk8=	svchost.exe
File opened for modification	C:\Windows\SoftwareDistribution\Download\ca4af4339884f7018bf988ecac7702ff\BIT8A36.tmp	svchost.exe
File opened for modification	C:\Windows\SoftwareDistribution\Download\26794b1631618c81e2caec277357b370\BITAD7C.tmp	svchost.exe
File opened for modification	C:\Windows\SoftwareDistribution\Download\d341f4322500ef92547a141039af2d20\o\egfDu3QHOC\BITC36F.tmp	svchost.exe
File opened for modification	C:\Windows\SoftwareDistribution\Download\17087e6e4710e63df4fcd8834f70bc99\pj5OoD7hJ+dBGy+3XOjLT8WsuYwervv\BIT51F9.tmp	svchost.exe
File opened for modification	C:\Windows\SoftwareDistribution\Download\ca4af4339884f7018bf988ecac7702ff\9+dL4Puh6FM8puPxsBEX86BMeGqpuC0b7gf2fD9DLLo=	svchost.exe
File opened for modification	C:\Windows\SoftwareDistribution\Download\2ef09e08315a593ec3af8ec57ab6a31e\YZBnsYBVNBTl3Isrrjy7P0\BITA5C8.tmp	svchost.exe
File opened for modification	C:\Windows\SoftwareDistribution\Download\d341f4322500ef92547a141039af2d20\o\egfDu3QHOC\BITC1D6.tmp	svchost.exe
File opened for modification	C:\Windows\SoftwareDistribution\Download\d341f4322500ef92547a141039af2d20\BITC264.tmp	svchost.exe
File opened for modification	C:\Windows\SoftwareDistribution\Download\d60cb501610b6a66743c55eade3ef996\CsA9z1\SlUHUPO8bKnA\BIT3DDD.tmp	svchost.exe
File opened for modification	C:\Windows\SoftwareDistribution\Download\9d6172fa1dc41a48846593219fc6519f\BIT3E4C.tmp	svchost.exe
File opened for modification	C:\Windows\SoftwareDistribution\Download\7752a73587b3362d505a041fe7f69ecd\BIT89A8.tmp	svchost.exe
File opened for modification	C:\Windows\SoftwareDistribution\Download\26794b1631618c81e2caec277357b370\BITBADF.tmp	svchost.exe
File opened for modification	C:\Windows\SoftwareDistribution\Download\17087e6e4710e63df4fcd8834f70bc99\pj5OoD7hJ+dBGy+3XOjLT8WsuYwervv\BIT45D0.tmp	svchost.exe
File opened for modification	C:\Windows\SoftwareDistribution\Download\2ef09e08315a593ec3af8ec57ab6a31e\BIT9E34.tmp	svchost.exe
File opened for modification	C:\Windows\SoftwareDistribution\Download\cb9f14b7916e97a31f1e53948ed1b67f\6\v9GXr9MSfUt92b0dEpOsHH2H0TwcnvKmtIW8g3ovM=	svchost.exe
File opened for modification	C:\Windows\SoftwareDistribution\Download\7752a73587b3362d505a041fe7f69ecd\BIT94CA.tmp	svchost.exe
File opened for modification	C:\Windows\SoftwareDistribution\Download\d341f4322500ef92547a141039af2d20\o\egfDu3QHOC\BITCA56.tmp	svchost.exe
File opened for modification	C:\Windows\SoftwareDistribution\Download\9d6172fa1dc41a48846593219fc6519f\e1a85885fd4453165061351651289cce8f8590c4	svchost.exe
File opened for modification	C:\Windows\SoftwareDistribution\Download\9d6172fa1dc41a48846593219fc6519f\BIT4F68.tmp	svchost.exe
File opened for modification	C:\Windows\SoftwareDistribution\Download\7752a73587b3362d505a041fe7f69ecd\BIT942C.tmp	svchost.exe
File opened for modification	C:\Windows\SoftwareDistribution\Download\d60cb501610b6a66743c55eade3ef996\f3535a3b47819a04c6d5ee18905493be086e801e	svchost.exe
File opened for modification	C:\Windows\SoftwareDistribution\Download\d60cb501610b6a66743c55eade3ef996\CsA9z1\SlUHUPO8bKnA\BIT83D9.tmp	svchost.exe
File opened for modification	C:\Windows\SoftwareDistribution\Download\d341f4322500ef92547a141039af2d20\BITCB13.tmp	svchost.exe
File opened for modification	C:\Windows\SoftwareDistribution\Download\d1d4bb0c910695f4fcf53d8f91faafa7\Jda7di8befpfPWz3DrhkMwwJL9XbuL8\BIT9CE9.tmp	svchost.exe
File opened for modification	C:\Windows\SoftwareDistribution\Download\26794b1631618c81e2caec277357b370\BITAE0B.tmp	svchost.exe
File opened for modification	C:\Windows\SoftwareDistribution\Download\d341f4322500ef92547a141039af2d20\o\egfDu3QHOC\Xbfe7KpvVnvJHxQ2cRDBmUlnoMnpDY=	svchost.exe
File opened for modification	C:\Windows\SoftwareDistribution\Download\2ef09e08315a593ec3af8ec57ab6a31e\6e15245aed25ee83b027521f9cf9ea812c9d016d	svchost.exe
File opened for modification	C:\Windows\SoftwareDistribution\Download\d1d4bb0c910695f4fcf53d8f91faafa7\Jda7di8befpfPWz3DrhkMwwJL9XbuL8\BITA0B6.tmp	svchost.exe
File opened for modification	C:\Windows\SoftwareDistribution\Download\cb9f14b7916e97a31f1e53948ed1b67f\6\BITB04E.tmp	svchost.exe
File opened for modification	C:\Windows\SoftwareDistribution\Download\9d6172fa1dc41a48846593219fc6519f\BIT3D50.tmp	svchost.exe
File opened for modification	C:\Windows\SoftwareDistribution\Download\17087e6e4710e63df4fcd8834f70bc99\a3f602ea4d534d006919a2613d91f9506b383314	svchost.exe
File opened for modification	C:\Windows\SoftwareDistribution\Download\7752a73587b3362d505a041fe7f69ecd\F2WKV54ysEMEW9U+EfiUeJcNcgfNL4pMC5NmE0a3mAg=	svchost.exe
File opened for modification	C:\Windows\SoftwareDistribution\Download\9d6172fa1dc41a48846593219fc6519f\BIT4EDA.tmp	svchost.exe
File opened for modification	C:\Windows\SoftwareDistribution\Download\d1d4bb0c910695f4fcf53d8f91faafa7\d9f2a302574bf135efc9dbd1a8083a336f7f52f0	svchost.exe
File opened for modification	C:\Windows\SoftwareDistribution\Download\26794b1631618c81e2caec277357b370\daNJ9YVgpN191GzoPynRDpTEDO9uUytOK6Ln7xcN8To=	svchost.exe
File opened for modification	C:\Windows\SoftwareDistribution\Download\ca4af4339884f7018bf988ecac7702ff\BIT893A.tmp	svchost.exe
File opened for modification	C:\Windows\SoftwareDistribution\Download\26794b1631618c81e2caec277357b370\fbaaae7103d0f0a1303a40d280aa18bafcd08dcf	svchost.exe
File opened for modification	C:\Windows\SoftwareDistribution\Download\cb9f14b7916e97a31f1e53948ed1b67f\BITB0CC.tmp	svchost.exe
File opened for modification	C:\Windows\SoftwareDistribution\Download\d341f4322500ef92547a141039af2d20\2cd32031792245e69c7777193005916861cbbe94	svchost.exe
File opened for modification	C:\Windows\SoftwareDistribution\Download\d341f4322500ef92547a141039af2d20\BITC3FC.tmp	svchost.exe
File opened for modification	C:\Windows\SoftwareDistribution\Download\7752a73587b3362d505a041fe7f69ecd\af66e12c1bb9d8519da21259d0fcd88c247cb4f1	svchost.exe
File opened for modification	C:\Windows\SoftwareDistribution\Download\d1d4bb0c910695f4fcf53d8f91faafa7\Jda7di8befpfPWz3DrhkMwwJL9XbuL8\fDFnweOZvFE=	svchost.exe
File opened for modification	C:\Windows\SoftwareDistribution\Download\cb9f14b7916e97a31f1e53948ed1b67f\BITADEB.tmp	svchost.exe

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

4516 4336 WerFault.exe rundll32.exe

pid	pid_target	process	target process
4516	4336	WerFault.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1752-55-0x0000000180000000-0x000000018000B000-memory.dll,#1
1⤵
PID:4336
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 4336 -s 244
  2⤵
  - Program crash
  PID:4516

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 184 -p 4336 -ip 4336
1⤵
PID:4728

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
1⤵
- Drops file in Windows directory
PID:1204

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1204-134-0x00000219F1960000-0x00000219F1970000-memory.dmp

Filesize
64KB

Download
memory/1204-135-0x00000219F19C0000-0x00000219F19D0000-memory.dmp

Filesize
64KB

Download
memory/1204-136-0x00000219F3F60000-0x00000219F3F64000-memory.dmp

Filesize
16KB

Download
memory/1204-137-0x00000219F4560000-0x00000219F4564000-memory.dmp

Filesize
16KB

Download
memory/1204-138-0x00000219F4560000-0x00000219F4564000-memory.dmp

Filesize
16KB

Download
memory/1204-139-0x00000219F46B0000-0x00000219F46B4000-memory.dmp

Filesize
16KB

Download
memory/1204-140-0x00000219F46B0000-0x00000219F46B4000-memory.dmp

Filesize
16KB

Download
memory/1204-141-0x00000219F46F0000-0x00000219F46F4000-memory.dmp

Filesize
16KB

Download
memory/1204-142-0x00000219F4670000-0x00000219F4674000-memory.dmp

Filesize
16KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads