ebd6f89eb003af3893c5ea11032fac4b58c2837119228db862a92de62241e0e7

Analysis

max time kernel
117s
max time network
127s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
06/03/2024, 03:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b66b625fac60d06e64a4ad3e4ae1c00d.dll
Size

1.4MB
MD5

b66b625fac60d06e64a4ad3e4ae1c00d
SHA1

569cc0cb9477bf2f07e01b27353d20b64c501fa1
SHA256

ebd6f89eb003af3893c5ea11032fac4b58c2837119228db862a92de62241e0e7
SHA512

d08fbb56229432269c878d4bfcce82bf2521a84c1e536862d526235fba842dcc0c79061bbdeb627cf92a8f3989ff7739c944d051b132ecd5c5c4542d8a647caf
SSDEEP

24576:wZ5LzygEGoYkR4HYYAmax3ksunYLw2kXPIShK5TwL6fjjkPPLkDlxpQfjqtd5vYT:wPzygEGRD4YAmKkssePqK1AKjjXCq31i

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1556	e58824a.exe

Suspicious use of NtCreateThreadExHideFromDebugger 1 IoCs

pid	Process
2528	regsvr32.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2956	1556	WerFault.exe	105

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 4708 wrote to memory of 2528	4708	regsvr32.exe	89
PID 4708 wrote to memory of 2528	4708	regsvr32.exe	89
PID 4708 wrote to memory of 2528	4708	regsvr32.exe	89
PID 2528 wrote to memory of 1556	2528	regsvr32.exe	105
PID 2528 wrote to memory of 1556	2528	regsvr32.exe	105
PID 2528 wrote to memory of 1556	2528	regsvr32.exe	105

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\b66b625fac60d06e64a4ad3e4ae1c00d.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:4708
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\b66b625fac60d06e64a4ad3e4ae1c00d.dll
  2⤵
  - Suspicious use of NtCreateThreadExHideFromDebugger
  - Suspicious use of WriteProcessMemory
  PID:2528
- - C:\Users\Admin\AppData\Local\Temp\e58824a.exe
    "C:\Users\Admin\AppData\Local\Temp\e58824a.exe"
    3⤵
    - Executes dropped EXE
    PID:1556
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1556 -s 804
      4⤵
      Program crash
      PID:2956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 384 -p 1556 -ip 1556
1⤵
PID:3472

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\e58824a.exe

Filesize
21KB

MD5
858939a54a0406e5be7220b92b6eb2b3

SHA1
da24c0b6f723a74a8ec59e58c9c0aea3e86b7109

SHA256
a30f30a109cb78d5eb1969f6c13f01a1e0a5f07b7ad8b133f5d2616223c1ce0a

SHA512
8875d1e43ea59314695747796894a2f171e92f7b04024dbc529af1497331489e279cd06ea03061288089d2f07ad437178b9d62f0bae2e16ae0b95c5681569401

Download Submit
memory/1556-40-0x00000000726E0000-0x0000000072E90000-memory.dmp

Filesize
7.7MB

Download
memory/1556-39-0x00000000726E0000-0x0000000072E90000-memory.dmp

Filesize
7.7MB

Download
memory/1556-38-0x00000000001E0000-0x00000000001E8000-memory.dmp

Filesize
32KB

Download
memory/2528-17-0x0000000002760000-0x00000000027E5000-memory.dmp

Filesize
532KB

Download
memory/2528-19-0x0000000002760000-0x00000000027E5000-memory.dmp

Filesize
532KB

Download
memory/2528-8-0x0000000002630000-0x00000000026C0000-memory.dmp

Filesize
576KB

Download
memory/2528-9-0x0000000010000000-0x0000000010171000-memory.dmp

Filesize
1.4MB

Download
memory/2528-13-0x0000000002630000-0x00000000026C0000-memory.dmp

Filesize
576KB

Download
memory/2528-14-0x0000000002F90000-0x0000000004635000-memory.dmp

Filesize
22.6MB

Download
memory/2528-15-0x00000000026C0000-0x0000000002749000-memory.dmp

Filesize
548KB

Download
memory/2528-16-0x0000000002760000-0x00000000027E5000-memory.dmp

Filesize
532KB

Download
memory/2528-0-0x0000000010000000-0x0000000010171000-memory.dmp

Filesize
1.4MB

Download
memory/2528-5-0x0000000002630000-0x00000000026C0000-memory.dmp

Filesize
576KB

Download
memory/2528-20-0x00000000006D0000-0x00000000006D1000-memory.dmp

Filesize
4KB

Download
memory/2528-21-0x0000000002D80000-0x0000000002D81000-memory.dmp

Filesize
4KB

Download
memory/2528-22-0x00000000006D0000-0x00000000006D4000-memory.dmp

Filesize
16KB

Download
memory/2528-23-0x00000000006E0000-0x00000000006E6000-memory.dmp

Filesize
24KB

Download
memory/2528-24-0x0000000010000000-0x0000000010171000-memory.dmp

Filesize
1.4MB

Download
memory/2528-4-0x0000000002570000-0x0000000002613000-memory.dmp

Filesize
652KB

Download
memory/2528-37-0x0000000010000000-0x0000000010171000-memory.dmp

Filesize
1.4MB

Download
memory/2528-3-0x0000000010000000-0x0000000010171000-memory.dmp

Filesize
1.4MB

Download
memory/2528-2-0x0000000002D80000-0x0000000002D81000-memory.dmp

Filesize
4KB

Download
memory/2528-1-0x0000000010000000-0x0000000010171000-memory.dmp

Filesize
1.4MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads