Analysis
-
max time kernel
131s -
max time network
123s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20240508-en locale:en-us os:windows10-2004-x64 system -
submitted
23-05-2024 01:50
Static task
static1
Behavioral task
behavioral1
Sample
ad9a6cc3de92a4a5ecd005e621ea2cdbf126c5635c3e4571af46017189fcf1eb.exe
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
ad9a6cc3de92a4a5ecd005e621ea2cdbf126c5635c3e4571af46017189fcf1eb.exe
Resource
win10v2004-20240508-en
General
-
Target
ad9a6cc3de92a4a5ecd005e621ea2cdbf126c5635c3e4571af46017189fcf1eb.exe
-
Size
107KB
-
MD5
24647c6d251b36108a846d0e2726a60b
-
SHA1
9e7519963402aefb54f8f58e0d0228bdf9454501
-
SHA256
ad9a6cc3de92a4a5ecd005e621ea2cdbf126c5635c3e4571af46017189fcf1eb
-
SHA512
f387590002db6c29d7023c819b5a637cb92b68fe5619782ef9fa7e90c5af817457c9cdb724656cd79b9d7e0b513d900ee75a8d822ab4dd4a9ef58743cc8afa4a
-
SSDEEP
3072:REhLjKX6CnK4cT6HKBmg0crZA2fdmpmthmfp:WjKVcWvcri2fdKL
Malware Config
Signatures
-
Program crash 1 IoCs
Processes:
WerFault.exe
pid | pid_target | process | target process
744 | 3772 | WerFault.exe | regsvr32.exe
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes:
regsvr32.exe
description | pid | process | target process
PID 212 wrote to memory of 3772 | 212 | regsvr32.exe | regsvr32.exe
PID 212 wrote to memory of 3772 | 212 | regsvr32.exe | regsvr32.exe
PID 212 wrote to memory of 3772 | 212 | regsvr32.exe | regsvr32.exe
Processes
-
C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\ad9a6cc3de92a4a5ecd005e621ea2cdbf126c5635c3e4571af46017189fcf1eb.exe
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\regsvr32.exe
/s C:\Users\Admin\AppData\Local\Temp\ad9a6cc3de92a4a5ecd005e621ea2cdbf126c5635c3e4571af46017189fcf1eb.exe
-
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3772 -s 600
- Program crash
-
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 3772 -ip 3772