a6d10c62061f023e965160e2f9f68ba1528da4c05b44b1e023a60f18ec03d7e6 | Triage

Analysis

max time kernel
95s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
25/12/2023, 09:39

Sharing

Report Analysis Logs

General

Target

14c50749f1c4de0baf89895fa7e216b9.dll
Size

128KB
MD5

14c50749f1c4de0baf89895fa7e216b9
SHA1

246ccbea35586b6be7fef1efe9f3d06dee9159a2
SHA256

a6d10c62061f023e965160e2f9f68ba1528da4c05b44b1e023a60f18ec03d7e6
SHA512

09d9b81b87a4384e4690e3bcea135c92223cb70103bf21eb41ef72f1e9617a9ef7a71694328cd82899706f993e3aac51d39f422d3b0e46ae93d7fc770f510e97
SSDEEP

1536:fHLi9qmQh3uQdPiJIgvCrRLt9+Fb2TK/AO6xZ2C:fHL6A3BYIiCdJssca2C

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
728	2488	WerFault.exe	86

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1104 wrote to memory of 2488	1104	regsvr32.exe	86
PID 1104 wrote to memory of 2488	1104	regsvr32.exe	86
PID 1104 wrote to memory of 2488	1104	regsvr32.exe	86

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\14c50749f1c4de0baf89895fa7e216b9.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:1104
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\14c50749f1c4de0baf89895fa7e216b9.dll
  2⤵
  PID:2488
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2488 -s 660
    3⤵
    - Program crash
    PID:728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 2488 -ip 2488
1⤵
PID:4508

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2488-0-0x00000000001C0000-0x00000000001E0000-memory.dmp

Filesize
128KB

Download