Analysis

- max time kernel: 135s
- max time network: 153s
- platform: windows10-2004_x64
- resource: win10v2004-20230220-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20230220-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 15/05/2023, 13:32
Static task: static1

Behavioral tasks (sample / resource):

- behavioral1: AppvIsvSubsystems64.dll / win7-20230220-en
- behavioral2: AppvIsvSubsystems64.dll / win10v2004-20230220-en
- behavioral3: Mso20Win32Client.dll / win7-20230220-en
- behavioral4: Mso20Win32Client.dll / win10v2004-20230220-en
- behavioral5: e-yazi.docx .exe / win7-20230220-en
- behavioral6: e-yazi.docx .exe / win10v2004-20230220-en
- behavioral7: e-yazi.pdf / win7-20230220-en
- behavioral8: e-yazi.pdf / win10v2004-20230220-en
General

- Target: AppvIsvSubsystems64.dll
- Size: 130KB
- MD5: 129da1e7c8613fd8c2843d9ec191e30e
- SHA1: 29bab281b479fd972cbceb7cbae39ca62de3ddc4
- SHA256: 60d96d8d3a09f822ded0a3c84194a5d88ed62a979cbb6378545b45b04353bb37
- SHA512: d611e467683fd6fa4d147a5c694df07344fad2ddf8bc315e70ad6501bce4e88f9478a4d8a7011272029452afd7d85d097a166f361cf22ba4116d7c8864709ea7
- SSDEEP: 1536:cZXHlxruHwi3l75jaHVHbQRf4Ty/vfwrqtkgbOw+aDwlNN9+caF4dfaHHgHesXt2:iCQija17o//wKkg1HDRYdigJdOa+
Malware Config

Signatures

- Program crash (1 IoCs)

  pid   pid_target   Process        procid_target
  2552  2516         WerFault.exe   83
Processes

- C:\Windows\system32\rundll32.exe
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\AppvIsvSubsystems64.dll,#1
  PID: 2516
  - C:\Windows\system32\WerFault.exe
    Command line: C:\Windows\system32\WerFault.exe -u -p 2516 -s 224
    Signature: Program crash
    PID: 2552
- C:\Windows\system32\WerFault.exe
  Command line: C:\Windows\system32\WerFault.exe -pss -s 188 -p 2516 -ip 2516
  PID: 4876