83bef3231ece651f925d7fb6b5ffbac9edf5cb2b3f42d6797df98e0b9cd5fdc0

Analysis

max time kernel
15s
max time network
19s
platform
windows10-1703_x64
resource
win10-20220901-en
resource tags

arch:x64arch:x86image:win10-20220901-enlocale:en-usos:windows10-1703-x64system
submitted
23-11-2022 13:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

oak21109 10.1.73.9/HPCustPartUI.dll
Size

171KB
MD5

38c43e589e3dc65258322d91b58e2e15
SHA1

1a6e675d82e67cc41493ff991f99da70316848c4
SHA256

7ee776272f7c51e41e10f5ffbd55c8c24ddb332e8c376e132e5a8cb72abd7397
SHA512

553bb14f0bb5c5c2d392798a18922ea3cbae9be6d08b2ce7b0642483b260eda75f7885a661cc57cb3c7b88fa451a331a207e706893c718ee9ee4f05acd089fd8
SSDEEP

3072:wB21bAkBSE+2ZugTbDGLzX/YTOzowPhwDLLCivOjXQmXSCgK:wk1cfeTOLrgTOzow+DMgmXSCg

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

2340 3828 WerFault.exe rundll32.exe

pid	pid_target	process	target process
2340	3828	WerFault.exe	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 3512 wrote to memory of 3828	3512	rundll32.exe	rundll32.exe
PID 3512 wrote to memory of 3828	3512	rundll32.exe	rundll32.exe
PID 3512 wrote to memory of 3828	3512	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\oak21109 10.1.73.9\HPCustPartUI.dll",#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3512

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\oak21109 10.1.73.9\HPCustPartUI.dll",#1
2⤵
PID:3828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3828 -s 620
3⤵
- Program crash
PID:2340

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3828-117-0x0000000000000000-mapping.dmp

Download
memory/3828-118-0x0000000077B00000-0x0000000077C8E000-memory.dmp

Filesize
1.6MB

Download
memory/3828-119-0x0000000077B00000-0x0000000077C8E000-memory.dmp

Filesize
1.6MB

Download
memory/3828-120-0x0000000077B00000-0x0000000077C8E000-memory.dmp

Filesize
1.6MB

Download
memory/3828-121-0x0000000077B00000-0x0000000077C8E000-memory.dmp

Filesize
1.6MB

Download
memory/3828-122-0x0000000077B00000-0x0000000077C8E000-memory.dmp

Filesize
1.6MB

Download
memory/3828-123-0x0000000077B00000-0x0000000077C8E000-memory.dmp

Filesize
1.6MB

Download
memory/3828-124-0x0000000077B00000-0x0000000077C8E000-memory.dmp

Filesize
1.6MB

Download
memory/3828-125-0x0000000077B00000-0x0000000077C8E000-memory.dmp

Filesize
1.6MB

Download
memory/3828-126-0x0000000077B00000-0x0000000077C8E000-memory.dmp

Filesize
1.6MB

Download
memory/3828-127-0x0000000077B00000-0x0000000077C8E000-memory.dmp

Filesize
1.6MB

Download
memory/3828-128-0x0000000077B00000-0x0000000077C8E000-memory.dmp

Filesize
1.6MB

Download
memory/3828-129-0x0000000077B00000-0x0000000077C8E000-memory.dmp

Filesize
1.6MB

Download
memory/3828-130-0x0000000077B00000-0x0000000077C8E000-memory.dmp

Filesize
1.6MB

Download
memory/3828-131-0x0000000077B00000-0x0000000077C8E000-memory.dmp

Filesize
1.6MB

Download
memory/3828-132-0x0000000077B00000-0x0000000077C8E000-memory.dmp

Filesize
1.6MB

Download
memory/3828-133-0x0000000077B00000-0x0000000077C8E000-memory.dmp

Filesize
1.6MB

Download
memory/3828-134-0x0000000077B00000-0x0000000077C8E000-memory.dmp

Filesize
1.6MB

Download
memory/3828-135-0x0000000077B00000-0x0000000077C8E000-memory.dmp

Filesize
1.6MB

Download
memory/3828-136-0x0000000077B00000-0x0000000077C8E000-memory.dmp

Filesize
1.6MB

Download
memory/3828-137-0x0000000077B00000-0x0000000077C8E000-memory.dmp

Filesize
1.6MB

Download
memory/3828-138-0x0000000077B00000-0x0000000077C8E000-memory.dmp

Filesize
1.6MB

Download
memory/3828-139-0x0000000077B00000-0x0000000077C8E000-memory.dmp

Filesize
1.6MB

Download
memory/3828-140-0x0000000077B00000-0x0000000077C8E000-memory.dmp

Filesize
1.6MB

Download
memory/3828-142-0x0000000077B00000-0x0000000077C8E000-memory.dmp

Filesize
1.6MB

Download
memory/3828-141-0x0000000077B00000-0x0000000077C8E000-memory.dmp

Filesize
1.6MB

Download
memory/3828-143-0x0000000077B00000-0x0000000077C8E000-memory.dmp

Filesize
1.6MB

Download
memory/3828-144-0x0000000077B00000-0x0000000077C8E000-memory.dmp

Filesize
1.6MB

Download
memory/3828-145-0x0000000077B00000-0x0000000077C8E000-memory.dmp

Filesize
1.6MB

Download
memory/3828-146-0x0000000077B00000-0x0000000077C8E000-memory.dmp

Filesize
1.6MB

Download
memory/3828-147-0x0000000077B00000-0x0000000077C8E000-memory.dmp

Filesize
1.6MB

Download
memory/3828-148-0x0000000077B00000-0x0000000077C8E000-memory.dmp

Filesize
1.6MB

Download
memory/3828-149-0x0000000077B00000-0x0000000077C8E000-memory.dmp

Filesize
1.6MB

Download
memory/3828-150-0x0000000077B00000-0x0000000077C8E000-memory.dmp

Filesize
1.6MB

Download
memory/3828-152-0x0000000077B00000-0x0000000077C8E000-memory.dmp

Filesize
1.6MB

Download
memory/3828-151-0x0000000077B00000-0x0000000077C8E000-memory.dmp

Filesize
1.6MB

Download
memory/3828-153-0x0000000077B00000-0x0000000077C8E000-memory.dmp

Filesize
1.6MB

Download
memory/3828-154-0x0000000077B00000-0x0000000077C8E000-memory.dmp

Filesize
1.6MB

Download
memory/3828-155-0x0000000077B00000-0x0000000077C8E000-memory.dmp

Filesize
1.6MB

Download
memory/3828-156-0x0000000077B00000-0x0000000077C8E000-memory.dmp

Filesize
1.6MB

Download
memory/3828-157-0x0000000077B00000-0x0000000077C8E000-memory.dmp

Filesize
1.6MB

Download
memory/3828-158-0x0000000077B00000-0x0000000077C8E000-memory.dmp

Filesize
1.6MB

Download
memory/3828-159-0x0000000077B00000-0x0000000077C8E000-memory.dmp

Filesize
1.6MB

Download
memory/3828-160-0x0000000077B00000-0x0000000077C8E000-memory.dmp

Filesize
1.6MB

Download