ae993d18292e786d1e639c43cb8305b02f5feb062cef5d5ba559ef17132a78bb

Analysis

max time kernel
174s
max time network
190s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
30/11/2022, 23:22

Target

ae993d18292e786d1e639c43cb8305b02f5feb062cef5d5ba559ef17132a78bb.dll
Size

324KB
MD5

35d733b8aa344411a7cfcfc8452a572c
SHA1

3d8c9c2a24e0e1c00e018b073905efe89be7aba8
SHA256

ae993d18292e786d1e639c43cb8305b02f5feb062cef5d5ba559ef17132a78bb
SHA512

364fd0a2d49fe251b51fe242237d5088845a3f39571255a9325de2f4638827aeb75c6536d91bf8da92d2d633a4e78de90f0c86cf97595da3aae9779a758a2bef
SSDEEP

1536:2HMe5k8jt6WS1mu37Wr5iGMtu/M9Ga/RkQWNgvAz4tE:Gd6dT32MGwfklg04tE

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
3504	112	WerFault.exe	84

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2896 wrote to memory of 112	2896	regsvr32.exe	84
PID 2896 wrote to memory of 112	2896	regsvr32.exe	84
PID 2896 wrote to memory of 112	2896	regsvr32.exe	84

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\ae993d18292e786d1e639c43cb8305b02f5feb062cef5d5ba559ef17132a78bb.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2896
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\ae993d18292e786d1e639c43cb8305b02f5feb062cef5d5ba559ef17132a78bb.dll
  2⤵
  PID:112
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 112 -s 616
    3⤵
    - Program crash
    PID:3504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 112 -ip 112
1⤵
PID:4516

memory/112-133-0x000000006D410000-0x000000006D466000-memory.dmp

Filesize
344KB

Download