5b88b1808481d051afc36cc5461b8da5caf33e8ea45ade7df57ddf05e669275f

Analysis

max time kernel
141s
max time network
169s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
30/10/2022, 17:54

Target

5b88b1808481d051afc36cc5461b8da5caf33e8ea45ade7df57ddf05e669275f.dll
Size

120KB
MD5

81eb26b6ede37c9c102ea83c39a0a9ec
SHA1

672d6b6c3328c4591d2c2b31271a14c379c68ca5
SHA256

5b88b1808481d051afc36cc5461b8da5caf33e8ea45ade7df57ddf05e669275f
SHA512

5f674b0be448c5d492b108e2c548284c0bd79cfedebcc16a1e20f394ded5841f194ba3de7852705af50749e6bb3ca01ae9cfe6bab34ecfab3bf8f16ab29152da
SSDEEP

1536:VnqYQRYv/hV6oqoBtutAughNWa4aoOYAoocVv:J0YtqoTjWa4lOAZ

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
4276	4976	WerFault.exe	80

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4604 wrote to memory of 4976	4604	regsvr32.exe	80
PID 4604 wrote to memory of 4976	4604	regsvr32.exe	80
PID 4604 wrote to memory of 4976	4604	regsvr32.exe	80

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\5b88b1808481d051afc36cc5461b8da5caf33e8ea45ade7df57ddf05e669275f.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:4604
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\5b88b1808481d051afc36cc5461b8da5caf33e8ea45ade7df57ddf05e669275f.dll
  2⤵
  PID:4976
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4976 -s 636
    3⤵
    - Program crash
    PID:4276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4976 -ip 4976
1⤵
PID:4664

memory/4976-133-0x00000000003D0000-0x00000000003EE000-memory.dmp

Filesize
120KB

Download