e88530ed297a8ce0cc835eae2e86468852c0492bb0c9b6ef12fd5387f1de3349

Analysis

max time kernel
151s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
01-12-2022 14:35

Target

e88530ed297a8ce0cc835eae2e86468852c0492bb0c9b6ef12fd5387f1de3349.dll
Size

674KB
MD5

98dc13ed98ef361404346b4a08fa5e90
SHA1

44f86c2cd5b803275a90a01b0e9d3aaa4bac49ee
SHA256

e88530ed297a8ce0cc835eae2e86468852c0492bb0c9b6ef12fd5387f1de3349
SHA512

cd80aef5b09f8592e765c1078a21b5055fa36aaa21fc44b4a4b1b507ddaf80bf3b3483c9da633335bc69eea7af8d22132fff7a36e1ff17b538d31192d09f677d
SSDEEP

6144:rP2gmlG2LR6l/CG2n37V9NJzY0qFihc+QRn7B7CLzI5eEPG0vZD+SPOWYVUeNzDv:D2DfzY18hc+QR7II5dPBNgzDEU

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2188	820	WerFault.exe	81

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4092 wrote to memory of 820	4092	regsvr32.exe	81
PID 4092 wrote to memory of 820	4092	regsvr32.exe	81
PID 4092 wrote to memory of 820	4092	regsvr32.exe	81

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\e88530ed297a8ce0cc835eae2e86468852c0492bb0c9b6ef12fd5387f1de3349.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:4092
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\e88530ed297a8ce0cc835eae2e86468852c0492bb0c9b6ef12fd5387f1de3349.dll
  2⤵
  PID:820
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 820 -s 660
    3⤵
    - Program crash
    PID:2188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 432 -p 820 -ip 820
1⤵
PID:2988

memory/820-133-0x0000000074C50000-0x0000000074CFC000-memory.dmp

Filesize
688KB

Download