d5414e612ea40b4cfe893653e55a84d7e50c6a8d907a44bf9c2f71036e214aa4

Analysis

max time kernel
149s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
04-10-2022 07:47

Target

d5414e612ea40b4cfe893653e55a84d7e50c6a8d907a44bf9c2f71036e214aa4.dll
Size

128KB
MD5

57eedf8de887e3952450c065d8aacc50
SHA1

45ce9a15d2bae94a744abd8376e2de5fa74b058c
SHA256

d5414e612ea40b4cfe893653e55a84d7e50c6a8d907a44bf9c2f71036e214aa4
SHA512

d8fb9b88c08b51cc9d3a08db70f91952c95a685881347ce4142defe81279b4f53e74fc2a2af513c68562679ce4377c6b5f2ab18dc20935918a633813c3d48c3b
SSDEEP

1536:i1zqVQyWXCF4CHeWW/Wh33KA5s/lKXfuClCZ1YCJR:LXuyDzh33KA5wKXfuQCZeCJR

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
3868	5084	WerFault.exe	82

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2272 wrote to memory of 5084	2272	regsvr32.exe	82
PID 2272 wrote to memory of 5084	2272	regsvr32.exe	82
PID 2272 wrote to memory of 5084	2272	regsvr32.exe	82

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\d5414e612ea40b4cfe893653e55a84d7e50c6a8d907a44bf9c2f71036e214aa4.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2272
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\d5414e612ea40b4cfe893653e55a84d7e50c6a8d907a44bf9c2f71036e214aa4.dll
  2⤵
  PID:5084
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 5084 -s 636
    3⤵
    - Program crash
    PID:3868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 428 -p 5084 -ip 5084
1⤵
PID:3068

memory/5084-133-0x00000000020A0000-0x00000000020C0000-memory.dmp

Filesize
128KB

Download