0e79174ada34895c615dbefd3b5360399b8404eeedae5f3a666e5817737f403e | Triage

Analysis

max time kernel
147s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
15-03-2024 04:46

Sharing

Report Analysis Logs

General

Target

ca847c828c08e2df629ce023149503e7.dll
Size

111KB
MD5

ca847c828c08e2df629ce023149503e7
SHA1

0ce63d9f279e64bcd96fdc26d178c2aedee34c79
SHA256

0e79174ada34895c615dbefd3b5360399b8404eeedae5f3a666e5817737f403e
SHA512

03daf0876e765182019d3bf6fa805aecb8d113545d3f21cae7a88609adcd7350ad36d3a66b932c62e6cfa08036ccb56f47bc3f05dc383060a73b30d0523919cc
SSDEEP

3072:ZMT/Z2Bm235lFYzHNCfXBzjk3kDGdJ5j503f:ZMTh52JYzHNCfVDA9m

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/2148-0-0x0000000000BD0000-0x0000000000C12000-memory.dmp	upx
behavioral2/memory/2148-1-0x0000000000BD0000-0x0000000000C12000-memory.dmp	upx

Program crash 1 IoCs

pid	pid_target	Process	procid_target
3640	2148	WerFault.exe	85

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3464 wrote to memory of 2148	3464	regsvr32.exe	85
PID 3464 wrote to memory of 2148	3464	regsvr32.exe	85
PID 3464 wrote to memory of 2148	3464	regsvr32.exe	85

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\ca847c828c08e2df629ce023149503e7.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:3464
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\ca847c828c08e2df629ce023149503e7.dll
  2⤵
  PID:2148
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2148 -s 596
    3⤵
    - Program crash
    PID:3640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 2148 -ip 2148
1⤵
PID:1776

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2148-0-0x0000000000BD0000-0x0000000000C12000-memory.dmp

Filesize
264KB

Download
memory/2148-1-0x0000000000BD0000-0x0000000000C12000-memory.dmp

Filesize
264KB

Download