9de02fce892c051d5a2ce547471cbdcb52f11368e839fb73b0d20a8910260c31

Analysis

max time kernel
194s
max time network
205s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
04-12-2022 07:18

Target

9de02fce892c051d5a2ce547471cbdcb52f11368e839fb73b0d20a8910260c31.dll
Size

84KB
MD5

fe3a605fa61aa6eec5a406cb94f7b330
SHA1

bbe558337292e5851ddf557530974ffe75984cd3
SHA256

9de02fce892c051d5a2ce547471cbdcb52f11368e839fb73b0d20a8910260c31
SHA512

271b2315be04f9973cdebc8c77cc45703ecf8b3373aad3a7f85a93991a9c6f02bd1936f5a92cbf81a718c72c96c9b548bedd1d4302d3afc88592045b3d9d4185
SSDEEP

1536:99IzwUTOnXPS/l8HCjtcX4uIZp5+Q7p89Au02BUkDj:9LUynXPgl8ijQIDx7p89Au0ODj

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
5060	4408	WerFault.exe	78

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2200 wrote to memory of 4408	2200	regsvr32.exe	78
PID 2200 wrote to memory of 4408	2200	regsvr32.exe	78
PID 2200 wrote to memory of 4408	2200	regsvr32.exe	78

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\9de02fce892c051d5a2ce547471cbdcb52f11368e839fb73b0d20a8910260c31.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2200
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\9de02fce892c051d5a2ce547471cbdcb52f11368e839fb73b0d20a8910260c31.dll
  2⤵
  PID:4408
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4408 -s 596
    3⤵
    - Program crash
    PID:5060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 440 -p 4408 -ip 4408
1⤵
PID:2724

memory/4408-132-0x0000000000000000-mapping.dmp

Download
memory/4408-133-0x0000000010000000-0x000000001002E000-memory.dmp

Filesize
184KB

Download