d95536bd00bd6267dcf3167dc9cd5d2c532b4b43e6fc3fb2079aace0fe2be084

Analysis

max time kernel
144s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
06/12/2022, 06:47

Target

d95536bd00bd6267dcf3167dc9cd5d2c532b4b43e6fc3fb2079aace0fe2be084.dll
Size

389KB
MD5

3a932a11856ebbaec98648121ccbb9f4
SHA1

9cccb3a675b761db6eb2d26e1b8a213dbe58b6bd
SHA256

d95536bd00bd6267dcf3167dc9cd5d2c532b4b43e6fc3fb2079aace0fe2be084
SHA512

67a3b6aef42b36ddea5cd521febff77f9caac8467bca48bb4f2ebd3c10587cff8b5c2e88ed82987e45ed4bde5d7febb0a5b9e777926f38fe5458d2f82f39b1ca
SSDEEP

6144:FpTq0HxoW9JblvFrUSLpdIhfVHLQqdBR5BTBuCqObbOpb48iA:FBq0HxzJxVUSLpC1LtRnTVqEG4P

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2032	1592	WerFault.exe	82

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2224 wrote to memory of 1592	2224	regsvr32.exe	82
PID 2224 wrote to memory of 1592	2224	regsvr32.exe	82
PID 2224 wrote to memory of 1592	2224	regsvr32.exe	82

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\d95536bd00bd6267dcf3167dc9cd5d2c532b4b43e6fc3fb2079aace0fe2be084.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2224
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\d95536bd00bd6267dcf3167dc9cd5d2c532b4b43e6fc3fb2079aace0fe2be084.dll
  2⤵
  PID:1592
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1592 -s 608
    3⤵
    - Program crash
    PID:2032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 1592 -ip 1592
1⤵
PID:2508

memory/1592-133-0x0000000010000000-0x0000000010080000-memory.dmp

Filesize
512KB

Download