dcf3488e65a158ebcef3364f26db2b50d1ad8113193bdbf8c3878f0e5f35238e

Analysis

max time kernel
36s
max time network
42s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
04/12/2022, 14:20

Target

dcf3488e65a158ebcef3364f26db2b50d1ad8113193bdbf8c3878f0e5f35238e.exe
Size

312KB
MD5

ebd31422095ff3d059b06981a7306bc6
SHA1

84059130fbefcddb6d28f0b0211937c93c686f38
SHA256

dcf3488e65a158ebcef3364f26db2b50d1ad8113193bdbf8c3878f0e5f35238e
SHA512

279328580e3e715f79852cc7d78418d94e4946b212ad1c8d7915eb133fcce6b1ba52093f86eee7dea598c0ab196d6f5d2842fc0df32291651c7dc9ce870292d2
SSDEEP

6144:AEPDl+AqiL7zw42e+N53ckJvEn+EV0VBFXBqZsfiX:AE7d3/srNtXEm3RsTX

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1496	1856	WerFault.exe	26

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 1708 wrote to memory of 1856	1708	regsvr32.exe	26
PID 1708 wrote to memory of 1856	1708	regsvr32.exe	26
PID 1708 wrote to memory of 1856	1708	regsvr32.exe	26
PID 1708 wrote to memory of 1856	1708	regsvr32.exe	26
PID 1708 wrote to memory of 1856	1708	regsvr32.exe	26
PID 1708 wrote to memory of 1856	1708	regsvr32.exe	26
PID 1708 wrote to memory of 1856	1708	regsvr32.exe	26
PID 1856 wrote to memory of 1496	1856	regsvr32.exe	27
PID 1856 wrote to memory of 1496	1856	regsvr32.exe	27
PID 1856 wrote to memory of 1496	1856	regsvr32.exe	27
PID 1856 wrote to memory of 1496	1856	regsvr32.exe	27

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\dcf3488e65a158ebcef3364f26db2b50d1ad8113193bdbf8c3878f0e5f35238e.exe
1⤵
- Suspicious use of WriteProcessMemory
PID:1708
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\dcf3488e65a158ebcef3364f26db2b50d1ad8113193bdbf8c3878f0e5f35238e.exe
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1856
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1856 -s 296
    3⤵
    - Program crash
    PID:1496

memory/1708-54-0x000007FEFBD81000-0x000007FEFBD83000-memory.dmp

Filesize
8KB

Download
memory/1856-56-0x0000000075451000-0x0000000075453000-memory.dmp

Filesize
8KB

Download