e73f28723123c59a47b8b3ac800579372ab85478cc8f3d38fdcec0fb770209bc

Analysis

max time kernel
187s
max time network
193s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
06/12/2022, 21:06

Target

e73f28723123c59a47b8b3ac800579372ab85478cc8f3d38fdcec0fb770209bc.dll
Size

120KB
MD5

05d46a77b958aec929162fc8697b537c
SHA1

b610311787d1c48292d7720bd63f355cfadd293d
SHA256

e73f28723123c59a47b8b3ac800579372ab85478cc8f3d38fdcec0fb770209bc
SHA512

72ad5307c172d10488227edf3ca79c5a637380be16df494a350e5cbda25dd88905705613fdb5f02e2f1e5493f4797b0486ea763405710ec91ea535b597ca4f4e
SSDEEP

1536:YVq0QBiiT9uCS2TWCZ1R7Nu+RmV+0jcfNIFDIMCh/:u2iisCSd7+RmV+0jcfNmCx

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
3940	1892	WerFault.exe	83

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 384 wrote to memory of 1892	384	regsvr32.exe	83
PID 384 wrote to memory of 1892	384	regsvr32.exe	83
PID 384 wrote to memory of 1892	384	regsvr32.exe	83

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\e73f28723123c59a47b8b3ac800579372ab85478cc8f3d38fdcec0fb770209bc.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:384
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\e73f28723123c59a47b8b3ac800579372ab85478cc8f3d38fdcec0fb770209bc.dll
  2⤵
  PID:1892
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1892 -s 648
    3⤵
    - Program crash
    PID:3940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 360 -p 1892 -ip 1892
1⤵
PID:4204

memory/1892-133-0x0000000000530000-0x000000000054E000-memory.dmp

Filesize
120KB

Download