afb77617a4ca637614c429440c78da438e190dd1ca24dc78483aa731d80832c2

Resubmissions

07-07-2022 11:51

31-01-2022 06:31

Target

afb77617a4ca637614c429440c78da438e190dd1ca24dc78483aa731d80832c2.dll
Size

3.1MB
MD5

7a5324615cbf70bad37c84cefb012e80
SHA1

ebbac85d574144f92e23829bea472f3aa43100fa
SHA256

afb77617a4ca637614c429440c78da438e190dd1ca24dc78483aa731d80832c2
SHA512

2f715f203eae83c448e81c4cbd283638cf5c080dbb607c67a1545e417b4066c8fc23990409e500aa82c77630198d9069a7da45be90f055dd3f46c3be1a4ed2c1

Score

3^/10

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

1880 2884 WerFault.exe regsvr32.exe

pid	pid_target	process	target process
1880	2884	WerFault.exe	regsvr32.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

regsvr32.exe

description	pid	process	target process
PID 2860 wrote to memory of 2884	2860	regsvr32.exe	regsvr32.exe
PID 2860 wrote to memory of 2884	2860	regsvr32.exe	regsvr32.exe
PID 2860 wrote to memory of 2884	2860	regsvr32.exe	regsvr32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\afb77617a4ca637614c429440c78da438e190dd1ca24dc78483aa731d80832c2.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2860
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\afb77617a4ca637614c429440c78da438e190dd1ca24dc78483aa731d80832c2.dll
  2⤵
  PID:2884
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2884 -s 648
    3⤵
    - Program crash
    PID:1880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 2884 -ip 2884
1⤵
PID:1864