3fccb62cfd295639db7dc2ba09fd1f306ef02d1955261e02fed017e86fad5df4

Analysis

max time kernel
90s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
02/12/2022, 20:16

Target

3fccb62cfd295639db7dc2ba09fd1f306ef02d1955261e02fed017e86fad5df4.dll
Size

128KB
MD5

0c09699930be624024cf32670e4ae150
SHA1

db1f4c2420d01f1e9abdc6caa3cb39826e3750fc
SHA256

3fccb62cfd295639db7dc2ba09fd1f306ef02d1955261e02fed017e86fad5df4
SHA512

d28f5a886d79e8a82aabbf5c3d1733cd518da524e7b34052a4507afcc33e0df5dcbad4daaa2fcbffc750545584d10822a4e11fd40cb6ab312806ec2bfa1ee791
SSDEEP

1536:3mqvQVHXWRXjWm5YO6w9E3hy3FVhtoueZIbBv:N03WJjNuw9oo3F/CueZw

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2616	528	WerFault.exe	81

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2804 wrote to memory of 528	2804	regsvr32.exe	81
PID 2804 wrote to memory of 528	2804	regsvr32.exe	81
PID 2804 wrote to memory of 528	2804	regsvr32.exe	81

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\3fccb62cfd295639db7dc2ba09fd1f306ef02d1955261e02fed017e86fad5df4.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2804
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\3fccb62cfd295639db7dc2ba09fd1f306ef02d1955261e02fed017e86fad5df4.dll
  2⤵
  PID:528
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 528 -s 660
    3⤵
    - Program crash
    PID:2616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 468 -p 528 -ip 528
1⤵
PID:4796

memory/528-133-0x0000000001FB0000-0x0000000001FD0000-memory.dmp

Filesize
128KB

Download