9fbc9e2d3b292fc263cb10e181571f717808de2edaca7b56932a883dc1475192 | Triage

Analysis

max time kernel
148s
max time network
164s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
31/12/2023, 06:20

Sharing

Report Analysis Logs

General

Target

2b8565b8ac4ddb036abaab9582fa474c.dll
Size

167KB
MD5

2b8565b8ac4ddb036abaab9582fa474c
SHA1

1018192c349b7580a24b89600b7c5b6c2e13cba9
SHA256

9fbc9e2d3b292fc263cb10e181571f717808de2edaca7b56932a883dc1475192
SHA512

7d77eee392465e012b181fb844ce8c41cac284d252ec5dd2b074f7a41812bbd1a64bdd909ca2b07f44177f36d4ed22d6f63df9d17fc1db5640842faacdd45563
SSDEEP

3072:fzQAbO0u3oDC7QOn+yMn9+AGG4/eBnkyiqZSv5:tbO078QOdNDeBnfip

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
396	4352	WerFault.exe	91

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1432 wrote to memory of 4352	1432	regsvr32.exe	91
PID 1432 wrote to memory of 4352	1432	regsvr32.exe	91
PID 1432 wrote to memory of 4352	1432	regsvr32.exe	91

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\2b8565b8ac4ddb036abaab9582fa474c.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:1432
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\2b8565b8ac4ddb036abaab9582fa474c.dll
  2⤵
  PID:4352
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4352 -s 592
    3⤵
    - Program crash
    PID:396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 464 -p 4352 -ip 4352
1⤵
PID:1404

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4352-0-0x0000000000400000-0x0000000000446000-memory.dmp

Filesize
280KB

Download