afb77617a4ca637614c429440c78da438e190dd1ca24dc78483aa731d80832c2 | Triage

Resubmissions

07-07-2022 11:51

220707-n1m6qahha2 10

31-01-2022 06:31

220131-g95nssgge2 3

Analysis

max time kernel
152s
max time network
168s
platform
windows10-2004_x64
resource
win10v2004-20220414-en
submitted
07-07-2022 11:51

Sharing

Report Analysis Logs

General

Target

afb77617a4ca637614c429440c78da438e190dd1ca24dc78483aa731d80832c2.dll
Size

3.1MB
MD5

7a5324615cbf70bad37c84cefb012e80
SHA1

ebbac85d574144f92e23829bea472f3aa43100fa
SHA256

afb77617a4ca637614c429440c78da438e190dd1ca24dc78483aa731d80832c2
SHA512

2f715f203eae83c448e81c4cbd283638cf5c080dbb607c67a1545e417b4066c8fc23990409e500aa82c77630198d9069a7da45be90f055dd3f46c3be1a4ed2c1

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

1880 2884 WerFault.exe regsvr32.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

regsvr32.exe

description	pid	process	target process
PID 2860 wrote to memory of 2884	2860	regsvr32.exe	regsvr32.exe
PID 2860 wrote to memory of 2884	2860	regsvr32.exe	regsvr32.exe
PID 2860 wrote to memory of 2884	2860	regsvr32.exe	regsvr32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\afb77617a4ca637614c429440c78da438e190dd1ca24dc78483aa731d80832c2.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2860

C:\Windows\SysWOW64\regsvr32.exe
/s C:\Users\Admin\AppData\Local\Temp\afb77617a4ca637614c429440c78da438e190dd1ca24dc78483aa731d80832c2.dll
2⤵
PID:2884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2884 -s 648
3⤵
- Program crash
PID:1880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 2884 -ip 2884
1⤵
PID:1864

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2884-130-0x0000000000000000-mapping.dmp

Download