5f5e6819095d3873be477f929133dff062a1e755e2e1a5ac0ca8f54f93f62c03

Analysis

max time kernel
1s
max time network
33s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
23-11-2022 19:13

Target

5f5e6819095d3873be477f929133dff062a1e755e2e1a5ac0ca8f54f93f62c03.dll
Size

210KB
MD5

370e8bec237179c34e756770701087d3
SHA1

e43f165ac5c2227c2f562be85107e6caa2a95076
SHA256

5f5e6819095d3873be477f929133dff062a1e755e2e1a5ac0ca8f54f93f62c03
SHA512

16f28d87a2a1070bc35c7106e309542612c3ba44cca4b570290cb28964771220d847e5a6438ceca2a1000441536fbfa9233170630eb3f7dbb3fe73ced6756f40
SSDEEP

6144:yuhU22wUrh0p+J9cZtspaAwvl+ID6rhIhiuTm:yuaXwI0PZtEh6jWhJuTm

Score

3^/10

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

700 2032 WerFault.exe regsvr32.exe

pid	pid_target	process	target process
700	2032	WerFault.exe	regsvr32.exe

Suspicious use of WriteProcessMemory 11 IoCs

Processes:

regsvr32.exeregsvr32.exe

description	pid	process	target process
PID 1252 wrote to memory of 2032	1252	regsvr32.exe	regsvr32.exe
PID 1252 wrote to memory of 2032	1252	regsvr32.exe	regsvr32.exe
PID 1252 wrote to memory of 2032	1252	regsvr32.exe	regsvr32.exe
PID 1252 wrote to memory of 2032	1252	regsvr32.exe	regsvr32.exe
PID 1252 wrote to memory of 2032	1252	regsvr32.exe	regsvr32.exe
PID 1252 wrote to memory of 2032	1252	regsvr32.exe	regsvr32.exe
PID 1252 wrote to memory of 2032	1252	regsvr32.exe	regsvr32.exe
PID 2032 wrote to memory of 700	2032	regsvr32.exe	WerFault.exe
PID 2032 wrote to memory of 700	2032	regsvr32.exe	WerFault.exe
PID 2032 wrote to memory of 700	2032	regsvr32.exe	WerFault.exe
PID 2032 wrote to memory of 700	2032	regsvr32.exe	WerFault.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\5f5e6819095d3873be477f929133dff062a1e755e2e1a5ac0ca8f54f93f62c03.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:1252

C:\Windows\SysWOW64\regsvr32.exe
/s C:\Users\Admin\AppData\Local\Temp\5f5e6819095d3873be477f929133dff062a1e755e2e1a5ac0ca8f54f93f62c03.dll
2⤵
- Suspicious use of WriteProcessMemory
PID:2032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2032 -s 304
3⤵
- Program crash
PID:700

memory/700-57-0x0000000000000000-mapping.dmp

Download
memory/1252-54-0x000007FEFBCA1000-0x000007FEFBCA3000-memory.dmp

Filesize
8KB

Download
memory/2032-55-0x0000000000000000-mapping.dmp

Download
memory/2032-56-0x0000000076381000-0x0000000076383000-memory.dmp

Filesize
8KB

Download