Analysis
-
max time kernel
150s -
max time network
46s -
platform
windows7_x64 -
resource
win7-20220812-en -
resource tags
arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system -
submitted
28/10/2022, 00:38
Static task
static1
Behavioral task
behavioral1
Sample
Details.lnk
Resource
win7-20220901-en
windows7-x64
Behavioral task
behavioral2
Sample
Details.lnk
Resource
win10v2004-20220812-en
windows10-2004-x64
Behavioral task
behavioral3
Sample
disallowable/hyperbolized.dll
Resource
win7-20220812-en
windows7-x64
Behavioral task
behavioral4
Sample
disallowable/hyperbolized.dll
Resource
win10v2004-20220901-en
windows10-2004-x64
Behavioral task
behavioral5
Sample
disallowable/sulfate.cmd
Resource
win7-20220812-en
windows7-x64
Behavioral task
behavioral6
Sample
disallowable/sulfate.cmd
Resource
win10v2004-20220812-en
windows10-2004-x64
General
-
Target
disallowable/hyperbolized.dll
-
Size
422KB
-
MD5
6456ce9903d7e0917f577d3caea5dee1
-
SHA1
4d7b2c4c9745cf579af9f92909a387ab93805b9a
-
SHA256
45749feb2cc5fc85b002930bd4684fb75708483812fa1801c27a933da918a4c9
-
SHA512
f01f1dd6aafea72fde2c3b91250e4b562215bec46b5c14ceaf98cea046f82d96963c27c5d91a11d5eabe5de75a4158a62477ffa8a80b35c31f5219854b78fd2c
-
SSDEEP
12288:eqdD/sblafl4M/8toGXJZ6diNjBo8Ywr6t57AKC:eqdclafl4eGXuiNO8Ye6c
Malware Config
Signatures
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
pid Process 1536 regsvr32.exe 1712 wermgr.exe 1712 wermgr.exe 1712 wermgr.exe 1712 wermgr.exe 1712 wermgr.exe 1712 wermgr.exe 1712 wermgr.exe 1712 wermgr.exe 1712 wermgr.exe 1712 wermgr.exe 1712 wermgr.exe 1712 wermgr.exe 1712 wermgr.exe 1712 wermgr.exe 1712 wermgr.exe 1712 wermgr.exe 1712 wermgr.exe 1712 wermgr.exe 1712 wermgr.exe 1712 wermgr.exe 1712 wermgr.exe 1712 wermgr.exe 1712 wermgr.exe 1712 wermgr.exe 1712 wermgr.exe 1712 wermgr.exe 1712 wermgr.exe 1712 wermgr.exe 1712 wermgr.exe 1712 wermgr.exe 1712 wermgr.exe 1712 wermgr.exe 1712 wermgr.exe 1712 wermgr.exe 1712 wermgr.exe 1712 wermgr.exe 1712 wermgr.exe 1712 wermgr.exe 1712 wermgr.exe 1712 wermgr.exe 1712 wermgr.exe 1712 wermgr.exe 1712 wermgr.exe 1712 wermgr.exe 1712 wermgr.exe 1712 wermgr.exe 1712 wermgr.exe 1712 wermgr.exe 1712 wermgr.exe 1712 wermgr.exe 1712 wermgr.exe 1712 wermgr.exe 1712 wermgr.exe 1712 wermgr.exe 1712 wermgr.exe 1712 wermgr.exe 1712 wermgr.exe 1712 wermgr.exe 1712 wermgr.exe 1712 wermgr.exe 1712 wermgr.exe 1712 wermgr.exe 1712 wermgr.exe -
Suspicious behavior: MapViewOfSection 1 IoCs
pid Process 1536 regsvr32.exe -
Suspicious use of WriteProcessMemory 13 IoCs
description pid Process procid_target PID 768 wrote to memory of 1536 768 regsvr32.exe 27 PID 768 wrote to memory of 1536 768 regsvr32.exe 27 PID 768 wrote to memory of 1536 768 regsvr32.exe 27 PID 768 wrote to memory of 1536 768 regsvr32.exe 27 PID 768 wrote to memory of 1536 768 regsvr32.exe 27 PID 768 wrote to memory of 1536 768 regsvr32.exe 27 PID 768 wrote to memory of 1536 768 regsvr32.exe 27 PID 1536 wrote to memory of 1712 1536 regsvr32.exe 28 PID 1536 wrote to memory of 1712 1536 regsvr32.exe 28 PID 1536 wrote to memory of 1712 1536 regsvr32.exe 28 PID 1536 wrote to memory of 1712 1536 regsvr32.exe 28 PID 1536 wrote to memory of 1712 1536 regsvr32.exe 28 PID 1536 wrote to memory of 1712 1536 regsvr32.exe 28
Processes
-
C:\Windows\system32\regsvr32.exeregsvr32 /s C:\Users\Admin\AppData\Local\Temp\disallowable\hyperbolized.dll1⤵
- Suspicious use of WriteProcessMemory
PID:768 -
C:\Windows\SysWOW64\regsvr32.exe/s C:\Users\Admin\AppData\Local\Temp\disallowable\hyperbolized.dll2⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: MapViewOfSection
- Suspicious use of WriteProcessMemory
PID:1536 -
C:\Windows\SysWOW64\wermgr.exeC:\Windows\SysWOW64\wermgr.exe3⤵
- Suspicious behavior: EnumeratesProcesses
PID:1712
-
-