f77eaf7513d509f9caa244d8016f010efa5a9513947e9a6dfedea6855ee93179

Analysis

max time kernel
383s
max time network
618s
platform
windows10-1703_x64
resource
win10-20220812-en
resource tags

arch:x64arch:x86image:win10-20220812-enlocale:en-usos:windows10-1703-x64system
submitted
03-01-2023 17:19

Target

cl.dll
Size

60KB
MD5

3818348bf02665342f21837a7bbcfe7a
SHA1

7da458e626acf26b5228280c16910957c08a196b
SHA256

f77eaf7513d509f9caa244d8016f010efa5a9513947e9a6dfedea6855ee93179
SHA512

381c120181e95fa9446133152e164f11a67330f4665abf9924805866b8fdfde202311ee0ef00ae7508a967687272ac8ff382a57a0c9643dbde9ec2dbe83360ae
SSDEEP

768:hO4apg9TJD/UFPvh45g1WmxValWf5uJMj9TX8Vd76o1x6:hHT+4mjw4IdZx

Score

3^/10

Program crash 3 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exe

pid pid_target process target process

4736 60 WerFault.exe rundll32.exe
4068 4264 WerFault.exe regsvr32.exe
5116 4996 WerFault.exe regsvr32.exe

pid	pid_target	process	target process
4736	60	WerFault.exe	rundll32.exe
4068	4264	WerFault.exe	regsvr32.exe
5116	4996	WerFault.exe	regsvr32.exe

Suspicious use of WriteProcessMemory 6 IoCs

Processes:

cmd.exe

description	pid	process	target process
PID 4140 wrote to memory of 4264	4140	cmd.exe	regsvr32.exe
PID 4140 wrote to memory of 4264	4140	cmd.exe	regsvr32.exe
PID 4140 wrote to memory of 4996	4140	cmd.exe	regsvr32.exe
PID 4140 wrote to memory of 4996	4140	cmd.exe	regsvr32.exe
PID 4140 wrote to memory of 4008	4140	cmd.exe	rundll32.exe
PID 4140 wrote to memory of 4008	4140	cmd.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\cl.dll,#1
1⤵
PID:60
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 60 -s 220
  2⤵
  - Program crash
  PID:4736

C:\Windows\system32\cmd.exe
"C:\Windows\system32\cmd.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4140
- C:\Windows\system32\regsvr32.exe
  regsvr32 cl.dll
  2⤵
  PID:4264
- - C:\Windows\system32\WerFault.exe
    C:\Windows\system32\WerFault.exe -u -p 4264 -s 380
    3⤵
    - Program crash
    PID:4068
- C:\Windows\system32\regsvr32.exe
  regsvr32 /s cl.dll
  2⤵
  PID:4996
- - C:\Windows\system32\WerFault.exe
    C:\Windows\system32\WerFault.exe -u -p 4996 -s 380
    3⤵
    - Program crash
    PID:5116
- C:\Windows\system32\rundll32.exe
  rundll32 cl.dll
  2⤵
  PID:4008