b4144af4ca64c79357f991551647bbf30bb4bfb335a36002b32c351fcc09e8d1

Analysis

max time kernel
111s
max time network
139s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
03-12-2022 07:00

Target

b4144af4ca64c79357f991551647bbf30bb4bfb335a36002b32c351fcc09e8d1.dll
Size

225KB
MD5

cabea55f813088bddddcc66c2986f671
SHA1

2f4af81763a693119cd3d36676c5703f97254a3d
SHA256

b4144af4ca64c79357f991551647bbf30bb4bfb335a36002b32c351fcc09e8d1
SHA512

9835c164c82f024f06191792276efda80218805894563a48cbf8c68fb0e19240a7300fe213b6260de50ab64ee2af136f3a706545eb288f063a23b5d19c7a1cfe
SSDEEP

3072:vw6Nke6gu8U0kDw+PNXRbzWyGrj6JhKv8TEgY2zZAJ0tEpgtg9HguPt+AFqnPJ86:o6Nke5UdNXRbCfnohBTY2VGpgtw

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
4876	5016	WerFault.exe	80

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1572 wrote to memory of 5016	1572	regsvr32.exe	80
PID 1572 wrote to memory of 5016	1572	regsvr32.exe	80
PID 1572 wrote to memory of 5016	1572	regsvr32.exe	80

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\b4144af4ca64c79357f991551647bbf30bb4bfb335a36002b32c351fcc09e8d1.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:1572
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\b4144af4ca64c79357f991551647bbf30bb4bfb335a36002b32c351fcc09e8d1.dll
  2⤵
  PID:5016
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 5016 -s 640
    3⤵
    - Program crash
    PID:4876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 5016 -ip 5016
1⤵
PID:4796

memory/5016-133-0x0000000010000000-0x000000001007D000-memory.dmp

Filesize
500KB

Download