b6e629128e9316820cfd5bdfe4d621d5a7435717879d554567df31352fb8558e

Analysis

max time kernel
90s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
28/10/2022, 13:30

Target

b6e629128e9316820cfd5bdfe4d621d5a7435717879d554567df31352fb8558e.dll
Size

157KB
MD5

258f4d970b7185375d31dc46a939a6ff
SHA1

bf33205fb9aa14345384245823ee11d84b538cfd
SHA256

b6e629128e9316820cfd5bdfe4d621d5a7435717879d554567df31352fb8558e
SHA512

c5b9a87fc1d6a21ff22e4d1e4dfd9174545e05f7e37d9a0c63e801a9f813f3b732c04b1b76d66da72e4cebaa47efcf697d0025a6e75284c582c5589a026cb9df
SSDEEP

3072:O040Uu4Yjm8j7qHllvH2AoJgSXRETBfNirskO/yaY/fT:p4YjTjGHnzoJhXRETBlirsP/g/

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
4928	1512	WerFault.exe	80

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4432 wrote to memory of 1512	4432	regsvr32.exe	80
PID 4432 wrote to memory of 1512	4432	regsvr32.exe	80
PID 4432 wrote to memory of 1512	4432	regsvr32.exe	80

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\b6e629128e9316820cfd5bdfe4d621d5a7435717879d554567df31352fb8558e.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:4432
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\b6e629128e9316820cfd5bdfe4d621d5a7435717879d554567df31352fb8558e.dll
  2⤵
  PID:1512
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1512 -s 604
    3⤵
    - Program crash
    PID:4928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 360 -p 1512 -ip 1512
1⤵
PID:1340