Resubmissions

05-07-2022 07:40

220705-jhsahafbap 10

04-07-2022 19:01

220704-xphxascgf8 10

Analysis

  • max time kernel
    108s
  • max time network
    180s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220414-en
  • submitted
    05-07-2022 07:40

General

  • Target

    a259e9b0acf375a8bef8dbc27a8a1996ee02a56889cba07ef58c49185ab033ec.dll

  • Size

    682KB

  • MD5

    517d2b385b846d6ea13b75b8adceb061

  • SHA1

    3c54c9a49a8ddca02189fe15fea52fe24f41a86f

  • SHA256

    a259e9b0acf375a8bef8dbc27a8a1996ee02a56889cba07ef58c49185ab033ec

  • SHA512

    1de912f50b7f5cc2f4fcea7b6d3c84a39bd15d668122f50a9b11da66447ed99f456e86e006d0dfe7ab0fca7dc8e35efa7ff57959033463d94ef37e5705515430

Score
3/10

Malware Config

Signatures

  • Program crash 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\a259e9b0acf375a8bef8dbc27a8a1996ee02a56889cba07ef58c49185ab033ec.dll
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2296
    • C:\Windows\SysWOW64\regsvr32.exe
      /s C:\Users\Admin\AppData\Local\Temp\a259e9b0acf375a8bef8dbc27a8a1996ee02a56889cba07ef58c49185ab033ec.dll
      2⤵
        PID:3460
    • C:\Windows\system32\WerFault.exe
      C:\Windows\system32\WerFault.exe -pss -s 460 -p 4104 -ip 4104
      1⤵
        PID:4480
      • C:\Windows\system32\WerFault.exe
        C:\Windows\system32\WerFault.exe -u -p 4104 -s 1768
        1⤵
        • Program crash
        PID:2192

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • memory/3460-130-0x0000000000000000-mapping.dmp