b0c1770b8f91f7021d1a4f3c85d0b38f713fb2d1e6578181491340c83067b74c

Analysis

max time kernel
181s
max time network
185s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
11/10/2022, 04:33

Target

b0c1770b8f91f7021d1a4f3c85d0b38f713fb2d1e6578181491340c83067b74c.dll
Size

116KB
MD5

416ddce78d3cad8d2c2cc45bee640b40
SHA1

43f9ff92932244542acfc9e8cd418e466fd065ee
SHA256

b0c1770b8f91f7021d1a4f3c85d0b38f713fb2d1e6578181491340c83067b74c
SHA512

49b9a3d67dc023bbb07d9e8fbf064009a1ca481d5dfbf71855df68a19bccfe2cf80c27ec5b277e33dac1accd8ac5193d4301ce2c56ed664949ebac47db644542
SSDEEP

1536:+BAvBqZ+Qid1iiQ2zDVmPCjsiUUtuKWNuB6A5:yAU+tKCjsiMKid0

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
3868	760	WerFault.exe	83

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1292 wrote to memory of 760	1292	regsvr32.exe	83
PID 1292 wrote to memory of 760	1292	regsvr32.exe	83
PID 1292 wrote to memory of 760	1292	regsvr32.exe	83

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\b0c1770b8f91f7021d1a4f3c85d0b38f713fb2d1e6578181491340c83067b74c.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:1292
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\b0c1770b8f91f7021d1a4f3c85d0b38f713fb2d1e6578181491340c83067b74c.dll
  2⤵
  PID:760
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 760 -s 624
    3⤵
    - Program crash
    PID:3868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 448 -p 760 -ip 760
1⤵
PID:4160

memory/760-133-0x0000000000860000-0x000000000087D000-memory.dmp

Filesize
116KB

Download