c6e99916ac328848ec32d3f6ca5679b0e26c1c64c2c241dff1b5cd44a6db376e

Analysis

max time kernel
159s
max time network
214s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
04/12/2022, 05:08

Target

c6e99916ac328848ec32d3f6ca5679b0e26c1c64c2c241dff1b5cd44a6db376e.dll
Size

452KB
MD5

404175167abc9d25b86e586439e8a8b0
SHA1

680d49d6bf1c078164b7d92fdaee7d6cb0f0b9fa
SHA256

c6e99916ac328848ec32d3f6ca5679b0e26c1c64c2c241dff1b5cd44a6db376e
SHA512

9c1265d84da7582fb014c41bf5604cf9d52663aa08c12e8e0e40bd86aad9bba81290915626d4cf64e43cdab102593279e8b0cbf1fe2dca3fd1f2f7ab89a8c563
SSDEEP

12288:kGwTNWbR1J9CGrYBZRaJsbC5YbWpoUGV/kVpj/JBQTrGX6B2c1z:k3C1nmHWG2oUGmVpDsTrGXSz

Score

5^/10

Drops file in System32 directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\regsvr32.exe	regsvr32.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
3564	5080	WerFault.exe	81

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 5000 wrote to memory of 5080	5000	regsvr32.exe	81
PID 5000 wrote to memory of 5080	5000	regsvr32.exe	81
PID 5000 wrote to memory of 5080	5000	regsvr32.exe	81

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\c6e99916ac328848ec32d3f6ca5679b0e26c1c64c2c241dff1b5cd44a6db376e.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:5000
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\c6e99916ac328848ec32d3f6ca5679b0e26c1c64c2c241dff1b5cd44a6db376e.dll
  2⤵
  - Drops file in System32 directory
  PID:5080
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 5080 -s 35344
    3⤵
    - Program crash
    PID:3564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 5080 -ip 5080
1⤵
PID:3504