a3632a2fe9589b8ea96b38cb9218fc38677c13b89914da047970ff980a22f79e

Analysis

max time kernel
55s
max time network
618s
platform
windows10-1703_x64
resource
win10-20230220-en
resource tags

arch:x64arch:x86image:win10-20230220-enlocale:en-usos:windows10-1703-x64system
submitted
21-02-2023 17:56

Target

b.dll
Size

60KB
MD5

4c666511f3efd8d7b0475811d852019a
SHA1

34e952cf23b05521d83150004407f49001c4bc66
SHA256

a3632a2fe9589b8ea96b38cb9218fc38677c13b89914da047970ff980a22f79e
SHA512

cfdc9d4ed0599bcb9cef45d00626eb73208560085de1044a03b85c7b77d45c9219772aa28b0df643598dbfcc9d48db6a3be1cde3786e3899e2f0455f4375314f
SSDEEP

768:hO4apg9TJD/UFPvh45g1WmxValWf5uJMj9TX8I+d76o1x6:hHT+4mjw4+dZx

Score

3^/10

Program crash 3 IoCs

pid	pid_target	Process	procid_target
4172	3680	WerFault.exe	65
3768	3496	WerFault.exe	72
1020	3764	WerFault.exe	74

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1348 wrote to memory of 3496	1348	cmd.exe	72
PID 1348 wrote to memory of 3496	1348	cmd.exe	72
PID 1348 wrote to memory of 3764	1348	cmd.exe	74
PID 1348 wrote to memory of 3764	1348	cmd.exe	74

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\b.dll,#1
1⤵
PID:3680
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 3680 -s 220
  2⤵
  - Program crash
  PID:4172

C:\Windows\system32\cmd.exe
"C:\Windows\system32\cmd.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1348
- C:\Windows\system32\regsvr32.exe
  regsvr32 /s b.dll
  2⤵
  PID:3496
- - C:\Windows\system32\WerFault.exe
    C:\Windows\system32\WerFault.exe -u -p 3496 -s 380
    3⤵
    - Program crash
    PID:3768
- C:\Windows\system32\regsvr32.exe
  regsvr32 b.dll
  2⤵
  PID:3764
- - C:\Windows\system32\WerFault.exe
    C:\Windows\system32\WerFault.exe -u -p 3764 -s 384
    3⤵
    - Program crash
    PID:1020