d3eff497fd82747a674ea1e3b87a1251edac3f60b5e013172a9daf2a89060acc

Analysis

max time kernel
169s
max time network
205s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
06-12-2022 11:40

Target

d3eff497fd82747a674ea1e3b87a1251edac3f60b5e013172a9daf2a89060acc.dll
Size

141KB
MD5

a535c0c7c2f66e4411262c94710c342d
SHA1

009785998c31c1d63ad6563d07cc2c8e9b016efa
SHA256

d3eff497fd82747a674ea1e3b87a1251edac3f60b5e013172a9daf2a89060acc
SHA512

a9a4997f09ae15f8c61a6a20950529ad47aa8705fa8ab2a2183496e52cf3f00ee69ed97923b11832fc4c49c4350d85928175dbe1222a401895d840e956e10f1d
SSDEEP

3072:HuhE6zRkrsv6jdjxY2bPis4QrtkNbv0Ty:HuhisCRjxbpkZvD

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
428	4648	WerFault.exe	84

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1808 wrote to memory of 4648	1808	regsvr32.exe	84
PID 1808 wrote to memory of 4648	1808	regsvr32.exe	84
PID 1808 wrote to memory of 4648	1808	regsvr32.exe	84

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\d3eff497fd82747a674ea1e3b87a1251edac3f60b5e013172a9daf2a89060acc.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:1808
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\d3eff497fd82747a674ea1e3b87a1251edac3f60b5e013172a9daf2a89060acc.dll
  2⤵
  PID:4648
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4648 -s 596
    3⤵
    - Program crash
    PID:428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4648 -ip 4648
1⤵
PID:1480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 452 -p 4648 -ip 4648
1⤵
PID:4344