f3815869dfc95ac775eb0a6da23ca791345e59dc25763bbc31e3aece3177cb92

Analysis

max time kernel
91s
max time network
129s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
04/12/2022, 11:35

Target

f3815869dfc95ac775eb0a6da23ca791345e59dc25763bbc31e3aece3177cb92.dll
Size

135KB
MD5

c24395f5e785c6e73d36cb0359b8ac4c
SHA1

b34563443bd8bc6de67059b80f54b16833f41086
SHA256

f3815869dfc95ac775eb0a6da23ca791345e59dc25763bbc31e3aece3177cb92
SHA512

893ac1eef43e2a17d96e105ad3a4ec630bacda85060ef79f4e6430c778c607f5a0ece9c988bd6703fbd5ac8d51eed24b76604d1f7c3ae500b32b0cc649af08b1
SSDEEP

3072:GkxW8s67j9VdZdbDgG8bfSyRxZ7npAN1prwUWVpdc8yD7n7xHSVF:b9RVvKfrmNMrV8TZSz

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
3340	4828	WerFault.exe	82

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4904 wrote to memory of 4828	4904	regsvr32.exe	82
PID 4904 wrote to memory of 4828	4904	regsvr32.exe	82
PID 4904 wrote to memory of 4828	4904	regsvr32.exe	82

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\f3815869dfc95ac775eb0a6da23ca791345e59dc25763bbc31e3aece3177cb92.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:4904
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\f3815869dfc95ac775eb0a6da23ca791345e59dc25763bbc31e3aece3177cb92.dll
  2⤵
  PID:4828
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4828 -s 616
    3⤵
    - Program crash
    PID:3340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 200 -p 4828 -ip 4828
1⤵
PID:2900

memory/4828-133-0x0000000010000000-0x0000000010026000-memory.dmp

Filesize
152KB

Download