34ba8d9a2fc9779c2261e2c93856d5b24aa6c46048b3520bea0595258f0b9f7a | Triage

Analysis

max time kernel
27s
max time network
30s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
07-05-2023 09:20

Sharing

Report Analysis Logs

General

Target

sYYdOjoeG.dll
Size

650KB
MD5

bb1372e462191a8c955906a152c59e89
SHA1

32f18efd55f4b5df9c969c3870d07f816ad48430
SHA256

34ba8d9a2fc9779c2261e2c93856d5b24aa6c46048b3520bea0595258f0b9f7a
SHA512

e15f8b1c50956cb64dc6d021e7f609052e8986ecc366e6428ff7f9099acd3232524a7ed0ca6ff1361af763e720d92824d83475a944bd332625b26bf539ef1c88
SSDEEP

12288:VMeQsno2LR+eTz4kMJFGH6C7Fj73Whmrkj5S3u49aP:VDftXegvN7WhmIj5Ouu

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

1324 1212 WerFault.exe regsvr32.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

regsvr32.exe

description	pid	process	target process
PID 1212 wrote to memory of 1324	1212	regsvr32.exe	WerFault.exe
PID 1212 wrote to memory of 1324	1212	regsvr32.exe	WerFault.exe
PID 1212 wrote to memory of 1324	1212	regsvr32.exe	WerFault.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\sYYdOjoeG.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:1212

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 1212 -s 224
2⤵
- Program crash
PID:1324

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...