b8f7abca3b0147fa30f3f0fcf63a1e2426ee4f0b6d07ef2155f02aac87cf41fe | Triage

Resubmissions

05-07-2022 07:40

220705-jhsahafbap 10

04-07-2022 19:01

220704-xphxascgf8 10

Analysis

max time kernel
108s
max time network
180s
platform
windows10-2004_x64
resource
win10v2004-20220414-en
submitted
05-07-2022 07:40

Sharing

Report Analysis Logs

General

Target

a259e9b0acf375a8bef8dbc27a8a1996ee02a56889cba07ef58c49185ab033ec.dll
Size

682KB
MD5

517d2b385b846d6ea13b75b8adceb061
SHA1

3c54c9a49a8ddca02189fe15fea52fe24f41a86f
SHA256

a259e9b0acf375a8bef8dbc27a8a1996ee02a56889cba07ef58c49185ab033ec
SHA512

1de912f50b7f5cc2f4fcea7b6d3c84a39bd15d668122f50a9b11da66447ed99f456e86e006d0dfe7ab0fca7dc8e35efa7ff57959033463d94ef37e5705515430

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

2192 4104 WerFault.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

regsvr32.exe

description	pid	process	target process
PID 2296 wrote to memory of 3460	2296	regsvr32.exe	regsvr32.exe
PID 2296 wrote to memory of 3460	2296	regsvr32.exe	regsvr32.exe
PID 2296 wrote to memory of 3460	2296	regsvr32.exe	regsvr32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\a259e9b0acf375a8bef8dbc27a8a1996ee02a56889cba07ef58c49185ab033ec.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2296

C:\Windows\SysWOW64\regsvr32.exe
/s C:\Users\Admin\AppData\Local\Temp\a259e9b0acf375a8bef8dbc27a8a1996ee02a56889cba07ef58c49185ab033ec.dll
2⤵
PID:3460

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 460 -p 4104 -ip 4104
1⤵
PID:4480

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 4104 -s 1768
1⤵
- Program crash
PID:2192

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3460-130-0x0000000000000000-mapping.dmp

Download