62be0c4034b2348b8da855e1efefd2e119fce66bccf484efc355ecd169e2699b

Analysis

max time kernel
152s
max time network
157s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
23-11-2022 12:18

Target

0457768f9d8d70ff59275c27bc99d45c1c48cf1e932d29c3f2e9d5e037acd802.dll
Size

668KB
MD5

eedb8748e6513349cb13bc73101bb996
SHA1

2ce8d3d4a7bb697fd85384b106194e10f707c0e2
SHA256

62be0c4034b2348b8da855e1efefd2e119fce66bccf484efc355ecd169e2699b
SHA512

6bd13c3f89215f0d7adeb6e7d041fdd4ac44ec004f223b730352f1dc20e972b25a4dfbde7cc07ff63386e6e523e9c8d23b065b0cb82396c29403cffb9f2d1ea2
SSDEEP

12288:aKy+46ehnVmcYF7YekzSyjoPipgWOaN6oJt6cptSien3kiFeBNXb0jc/:aJ6e5VDYF7Yek/oP+MGrMcpK0iFeB2j

Score

3^/10

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

1240 5016 WerFault.exe regsvr32.exe

pid	pid_target	process	target process
1240	5016	WerFault.exe	regsvr32.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

regsvr32.exe

description	pid	process	target process
PID 5072 wrote to memory of 5016	5072	regsvr32.exe	regsvr32.exe
PID 5072 wrote to memory of 5016	5072	regsvr32.exe	regsvr32.exe
PID 5072 wrote to memory of 5016	5072	regsvr32.exe	regsvr32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\0457768f9d8d70ff59275c27bc99d45c1c48cf1e932d29c3f2e9d5e037acd802.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:5072

C:\Windows\SysWOW64\regsvr32.exe
/s C:\Users\Admin\AppData\Local\Temp\0457768f9d8d70ff59275c27bc99d45c1c48cf1e932d29c3f2e9d5e037acd802.dll
2⤵
PID:5016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5016 -s 604
3⤵
- Program crash
PID:1240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 5016 -ip 5016
1⤵
PID:5080