032b832c82fffd97450679121789e66886a6073cc0576a6ced21c54192a90756

Analysis

max time kernel
106s
max time network
139s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
21/11/2022, 13:53

Target

032b832c82fffd97450679121789e66886a6073cc0576a6ced21c54192a90756.dll
Size

577KB
MD5

283a3fc305056bdcca74cd601fd9dbc0
SHA1

bbd708c34053b7fd8b3fe46e087552c694e69aa1
SHA256

032b832c82fffd97450679121789e66886a6073cc0576a6ced21c54192a90756
SHA512

c9733fb3b9544eebfc42280938e81bde5bca8cb898af6946ee33393eb2241d24b008d6c99efff016a07d5759dc63e5f5c2ad8893220f6ea2e031ffb0554a4227
SSDEEP

12288:rU0BFtvsPUkGXgDkmBxAJmKVg8zThh6XQ1poxUAzfRs3N:rVXtyLGwDJkJxVVzXIIpobzfRs

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
3712	1836	WerFault.exe	83

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2224 wrote to memory of 1836	2224	regsvr32.exe	83
PID 2224 wrote to memory of 1836	2224	regsvr32.exe	83
PID 2224 wrote to memory of 1836	2224	regsvr32.exe	83

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\032b832c82fffd97450679121789e66886a6073cc0576a6ced21c54192a90756.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2224
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\032b832c82fffd97450679121789e66886a6073cc0576a6ced21c54192a90756.dll
  2⤵
  PID:1836
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1836 -s 608
    3⤵
    - Program crash
    PID:3712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 1836 -ip 1836
1⤵
PID:2496

memory/1836-133-0x0000000000B50000-0x0000000000BE7000-memory.dmp

Filesize
604KB

Download