Analysis

  • max time kernel
    31s
  • max time network
    33s
  • platform
    windows7_x64
  • resource
    win7-20221111-en
  • resource tags

    arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
  • submitted
    15/02/2023, 19:57

General

  • Target

    b481ac05ea9a59eedf6233166327057279babef26c913a8e89536472b192e86c.dll

  • Size

    581KB

  • MD5

    71675a9a8abbce8ba524f8f6ef3735ed

  • SHA1

    8e1aaed744a22f0d7240a4ad21a42d9779e05170

  • SHA256

    b481ac05ea9a59eedf6233166327057279babef26c913a8e89536472b192e86c

  • SHA512

    cfda0b5890e0c514f8cb349e8be2987ed3e920e476d7a7398c58e84aaa289b1621cfd4f80fb8fdf1c8cc89a3956885d5bd27aec55d4db255585a4f8cfa93cd1c

  • SSDEEP

    12288:thxWJiJvGs36YX1PpP0Dl026+0anwVKm+4S1w:tCiokBP0Rl6+0awV7S

Score
3/10

Malware Config

Signatures

  • Program crash 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\b481ac05ea9a59eedf6233166327057279babef26c913a8e89536472b192e86c.dll
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2028
    • C:\Windows\system32\WerFault.exe
      C:\Windows\system32\WerFault.exe -u -p 2028 -s 220
      2⤵
      • Program crash
      PID:1624

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • memory/2028-54-0x000007FEFC421000-0x000007FEFC423000-memory.dmp

          Filesize

          8KB