Resubmissions

07-07-2022 11:51

220707-n1m6qahha2 10

31-01-2022 06:31

220131-g95nssgge2 3

Analysis

  • max time kernel
    152s
  • max time network
    168s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220414-en
  • submitted
    07-07-2022 11:51

General

  • Target

    afb77617a4ca637614c429440c78da438e190dd1ca24dc78483aa731d80832c2.dll

  • Size

    3.1MB

  • MD5

    7a5324615cbf70bad37c84cefb012e80

  • SHA1

    ebbac85d574144f92e23829bea472f3aa43100fa

  • SHA256

    afb77617a4ca637614c429440c78da438e190dd1ca24dc78483aa731d80832c2

  • SHA512

    2f715f203eae83c448e81c4cbd283638cf5c080dbb607c67a1545e417b4066c8fc23990409e500aa82c77630198d9069a7da45be90f055dd3f46c3be1a4ed2c1

Score
3/10

Malware Config

Signatures

  • Program crash 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\afb77617a4ca637614c429440c78da438e190dd1ca24dc78483aa731d80832c2.dll
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2860
    • C:\Windows\SysWOW64\regsvr32.exe
      /s C:\Users\Admin\AppData\Local\Temp\afb77617a4ca637614c429440c78da438e190dd1ca24dc78483aa731d80832c2.dll
      2⤵
        PID:2884
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 2884 -s 648
          3⤵
          • Program crash
          PID:1880
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 2884 -ip 2884
      1⤵
        PID:1864

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads