92124fe74522fe74e02cfc00c54c8dfe9156119091ce3db0509312152520c8d2

Analysis

max time kernel
161s
max time network
171s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
06/11/2022, 05:27

Target

92124fe74522fe74e02cfc00c54c8dfe9156119091ce3db0509312152520c8d2.dll
Size

85KB
MD5

321ee307ff59c64f6f1ce60774b3c310
SHA1

630b27da0789027529fc64a2645411d523b8b5ba
SHA256

92124fe74522fe74e02cfc00c54c8dfe9156119091ce3db0509312152520c8d2
SHA512

135be0fef7a85d6ff44b15001118ffe71f2fef0ddbc282bca891dede215c986957a24813aa38a5135561348808c10bb9cf5479cfaa0972842e01ae19c3a78131
SSDEEP

1536:TUjTpjMKgKvC2qioi1qDvq6nbrOZuCTMPzjxXQGblyU:TYgsZ1WvJnHOvTMPhbB

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
3660	1688	WerFault.exe	78

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4132 wrote to memory of 1688	4132	regsvr32.exe	78
PID 4132 wrote to memory of 1688	4132	regsvr32.exe	78
PID 4132 wrote to memory of 1688	4132	regsvr32.exe	78

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\92124fe74522fe74e02cfc00c54c8dfe9156119091ce3db0509312152520c8d2.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:4132
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\92124fe74522fe74e02cfc00c54c8dfe9156119091ce3db0509312152520c8d2.dll
  2⤵
  PID:1688
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1688 -s 604
    3⤵
    - Program crash
    PID:3660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 428 -p 1688 -ip 1688
1⤵
PID:1808

memory/1688-133-0x0000000000400000-0x000000000043F000-memory.dmp

Filesize
252KB

Download