032b832c82fffd97450679121789e66886a6073cc0576a6ced21c54192a90756

Analysis

max time kernel
45s
max time network
48s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
21-11-2022 13:53

Target

032b832c82fffd97450679121789e66886a6073cc0576a6ced21c54192a90756.dll
Size

577KB
MD5

283a3fc305056bdcca74cd601fd9dbc0
SHA1

bbd708c34053b7fd8b3fe46e087552c694e69aa1
SHA256

032b832c82fffd97450679121789e66886a6073cc0576a6ced21c54192a90756
SHA512

c9733fb3b9544eebfc42280938e81bde5bca8cb898af6946ee33393eb2241d24b008d6c99efff016a07d5759dc63e5f5c2ad8893220f6ea2e031ffb0554a4227
SSDEEP

12288:rU0BFtvsPUkGXgDkmBxAJmKVg8zThh6XQ1poxUAzfRs3N:rVXtyLGwDJkJxVVzXIIpobzfRs

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
936	1156	WerFault.exe	27

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 1600 wrote to memory of 1156	1600	regsvr32.exe	27
PID 1600 wrote to memory of 1156	1600	regsvr32.exe	27
PID 1600 wrote to memory of 1156	1600	regsvr32.exe	27
PID 1600 wrote to memory of 1156	1600	regsvr32.exe	27
PID 1600 wrote to memory of 1156	1600	regsvr32.exe	27
PID 1600 wrote to memory of 1156	1600	regsvr32.exe	27
PID 1600 wrote to memory of 1156	1600	regsvr32.exe	27
PID 1156 wrote to memory of 936	1156	regsvr32.exe	28
PID 1156 wrote to memory of 936	1156	regsvr32.exe	28
PID 1156 wrote to memory of 936	1156	regsvr32.exe	28
PID 1156 wrote to memory of 936	1156	regsvr32.exe	28

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\032b832c82fffd97450679121789e66886a6073cc0576a6ced21c54192a90756.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:1600
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\032b832c82fffd97450679121789e66886a6073cc0576a6ced21c54192a90756.dll
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1156
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1156 -s 296
    3⤵
    - Program crash
    PID:936

memory/936-58-0x0000000000000000-mapping.dmp

Download
memory/1156-55-0x0000000000000000-mapping.dmp

Download
memory/1156-56-0x0000000076461000-0x0000000076463000-memory.dmp

Filesize
8KB

Download
memory/1156-57-0x0000000000920000-0x00000000009A0000-memory.dmp

Filesize
512KB

Download
memory/1600-54-0x000007FEFBB51000-0x000007FEFBB53000-memory.dmp

Filesize
8KB

Download