62be0c4034b2348b8da855e1efefd2e119fce66bccf484efc355ecd169e2699b

Analysis

max time kernel
42s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
23-11-2022 12:18

Target

0457768f9d8d70ff59275c27bc99d45c1c48cf1e932d29c3f2e9d5e037acd802.dll
Size

668KB
MD5

eedb8748e6513349cb13bc73101bb996
SHA1

2ce8d3d4a7bb697fd85384b106194e10f707c0e2
SHA256

62be0c4034b2348b8da855e1efefd2e119fce66bccf484efc355ecd169e2699b
SHA512

6bd13c3f89215f0d7adeb6e7d041fdd4ac44ec004f223b730352f1dc20e972b25a4dfbde7cc07ff63386e6e523e9c8d23b065b0cb82396c29403cffb9f2d1ea2
SSDEEP

12288:aKy+46ehnVmcYF7YekzSyjoPipgWOaN6oJt6cptSien3kiFeBNXb0jc/:aJ6e5VDYF7Yek/oP+MGrMcpK0iFeB2j

Score

3^/10

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

1912 1904 WerFault.exe regsvr32.exe

pid	pid_target	process	target process
1912	1904	WerFault.exe	regsvr32.exe

Suspicious use of WriteProcessMemory 11 IoCs

Processes:

regsvr32.exeregsvr32.exe

description	pid	process	target process
PID 900 wrote to memory of 1904	900	regsvr32.exe	regsvr32.exe
PID 900 wrote to memory of 1904	900	regsvr32.exe	regsvr32.exe
PID 900 wrote to memory of 1904	900	regsvr32.exe	regsvr32.exe
PID 900 wrote to memory of 1904	900	regsvr32.exe	regsvr32.exe
PID 900 wrote to memory of 1904	900	regsvr32.exe	regsvr32.exe
PID 900 wrote to memory of 1904	900	regsvr32.exe	regsvr32.exe
PID 900 wrote to memory of 1904	900	regsvr32.exe	regsvr32.exe
PID 1904 wrote to memory of 1912	1904	regsvr32.exe	WerFault.exe
PID 1904 wrote to memory of 1912	1904	regsvr32.exe	WerFault.exe
PID 1904 wrote to memory of 1912	1904	regsvr32.exe	WerFault.exe
PID 1904 wrote to memory of 1912	1904	regsvr32.exe	WerFault.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\0457768f9d8d70ff59275c27bc99d45c1c48cf1e932d29c3f2e9d5e037acd802.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:900

C:\Windows\SysWOW64\regsvr32.exe
/s C:\Users\Admin\AppData\Local\Temp\0457768f9d8d70ff59275c27bc99d45c1c48cf1e932d29c3f2e9d5e037acd802.dll
2⤵
- Suspicious use of WriteProcessMemory
PID:1904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1904 -s 296
3⤵
- Program crash
PID:1912

memory/900-54-0x000007FEFBB41000-0x000007FEFBB43000-memory.dmp

Filesize
8KB

Download
memory/1904-55-0x0000000000000000-mapping.dmp

Download
memory/1904-56-0x00000000762D1000-0x00000000762D3000-memory.dmp

Filesize
8KB

Download
memory/1912-57-0x0000000000000000-mapping.dmp

Download