Analysis
max time kernel: 31s
max time network: 33s
platform: windows7_x64
resource: win7-20221111-en
resource tags: arch:x64, arch:x86, image:win7-20221111-en, locale:en-us, os:windows7-x64, system
submitted: 15/02/2023, 19:57
Static task: static1
Behavioral task: behavioral1
Sample: b481ac05ea9a59eedf6233166327057279babef26c913a8e89536472b192e86c.dll
Resource: win7-20221111-en
2 signatures
150 seconds
General
Target: b481ac05ea9a59eedf6233166327057279babef26c913a8e89536472b192e86c.dll
Size: 581KB
MD5: 71675a9a8abbce8ba524f8f6ef3735ed
SHA1: 8e1aaed744a22f0d7240a4ad21a42d9779e05170
SHA256: b481ac05ea9a59eedf6233166327057279babef26c913a8e89536472b192e86c
SHA512: cfda0b5890e0c514f8cb349e8be2987ed3e920e476d7a7398c58e84aaa289b1621cfd4f80fb8fdf1c8cc89a3956885d5bd27aec55d4db255585a4f8cfa93cd1c
SSDEEP: 12288:thxWJiJvGs36YX1PpP0Dl026+0anwVKm+4S1w:tCiokBP0Rl6+0awV7S
Score: 3/10
Malware Config
Signatures
Program crash (1 IoC)
pid   pid_target  Process       procid_target
1624  2028        WerFault.exe  27
Suspicious use of WriteProcessMemory (3 IoCs)
description                       pid   Process       procid_target
PID 2028 wrote to memory of 1624  2028  regsvr32.exe  28
PID 2028 wrote to memory of 1624  2028  regsvr32.exe  28
PID 2028 wrote to memory of 1624  2028  regsvr32.exe  28
Processes
C:\Windows\system32\regsvr32.exe
  Command line: regsvr32 /s C:\Users\Admin\AppData\Local\Temp\b481ac05ea9a59eedf6233166327057279babef26c913a8e89536472b192e86c.dll
  Signatures: Suspicious use of WriteProcessMemory
  PID: 2028
  C:\Windows\system32\WerFault.exe
    Command line: C:\Windows\system32\WerFault.exe -u -p 2028 -s 220
    Signatures: Program crash
    PID: 1624