Analysis
-
max time kernel
135s -
max time network
160s -
platform
windows10-2004_x64 -
resource
win10v2004-20220812-en -
resource tags
-
submitted
23-11-2022 19:13
General
-
Target
5f5e6819095d3873be477f929133dff062a1e755e2e1a5ac0ca8f54f93f62c03.dll
-
Size
210KB
-
MD5
370e8bec237179c34e756770701087d3
-
SHA1
e43f165ac5c2227c2f562be85107e6caa2a95076
-
SHA256
5f5e6819095d3873be477f929133dff062a1e755e2e1a5ac0ca8f54f93f62c03
-
SHA512
16f28d87a2a1070bc35c7106e309542612c3ba44cca4b570290cb28964771220d847e5a6438ceca2a1000441536fbfa9233170630eb3f7dbb3fe73ced6756f40
-
SSDEEP
6144:yuhU22wUrh0p+J9cZtspaAwvl+ID6rhIhiuTm:yuaXwI0PZtEh6jWhJuTm
Score
3/10
Malware Config
Signatures
-
Program crash 2 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Windows\system32\regsvr32.exeregsvr32 /s C:\Users\Admin\AppData\Local\Temp\5f5e6819095d3873be477f929133dff062a1e755e2e1a5ac0ca8f54f93f62c03.dll1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\regsvr32.exe/s C:\Users\Admin\AppData\Local\Temp\5f5e6819095d3873be477f929133dff062a1e755e2e1a5ac0ca8f54f93f62c03.dll2⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4700 -s 5963⤵
- Program crash
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4700 -s 6203⤵
- Program crash
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 428 -p 4700 -ip 47001⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 4700 -ip 47001⤵
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/4700-132-0x0000000000000000-mapping.dmp