31d025c022dfa29f0d953d477a5cefebe91bf28e60fa771b407cc0b25dd65355 | Triage

Analysis

max time kernel
135s
max time network
145s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
23-05-2023 03:30

Sharing

Report Analysis Logs

General

Target

4330000.dll
Size

455KB
MD5

8e692f5c57cd81e94e3c0982b5f91f74
SHA1

e0085dee4adb2299f1807ff39847852ce578ef1d
SHA256

31d025c022dfa29f0d953d477a5cefebe91bf28e60fa771b407cc0b25dd65355
SHA512

d62860682ea77e44bd397e9475bc62f6372d5932ef807f9263682517a5bc7ba3935c81a98fcef5954bcea09cc5acec47f328da86ebf998146f80daba6cdafbbd
SSDEEP

6144:nYGKcdvv6azsX7kDriqiN0DaSCrIB28UJ1F5FRpS0X:YGKKDAmhi+Da3rIByJ13pR

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
460	2340	WerFault.exe	84

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 824 wrote to memory of 2340	824	regsvr32.exe	84
PID 824 wrote to memory of 2340	824	regsvr32.exe	84
PID 824 wrote to memory of 2340	824	regsvr32.exe	84

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\4330000.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:824
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\4330000.dll
  2⤵
  PID:2340
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2340 -s 596
    3⤵
    - Program crash
    PID:460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 436 -p 2340 -ip 2340
1⤵
PID:1292

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads