b42618a418af2ee3fc0606c56bbec119b22b8f59e0f6a24356a28e9c91517b47

Analysis

max time kernel
29s
max time network
33s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
22-02-2023 12:41

Target

b42618a418af2ee3fc0606c56bbec119b22b8f59e0f6a24356a28e9c91517b47.dll
Size

2.1MB
MD5

ebeb28c6b25088798a49f1d8fcc15e93
SHA1

15ea3e3e2f0dbc3daac3d87e3e87feb7b7c6859b
SHA256

b42618a418af2ee3fc0606c56bbec119b22b8f59e0f6a24356a28e9c91517b47
SHA512

7ee78c87b19fb4ffc06877dd2d2e5e6d229c9c295557ca77da5af8af6a1d9cf9f979418be90bd10c2ee605b65b329f0b00de48ce8718eb9c0375382fdb676a21
SSDEEP

49152:UK9imiZQ5V0i3fmpM/iP6dzvRN3YVuMtG:UK9dNXupMjN

Score

3^/10

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

2016 2044 WerFault.exe regsvr32.exe

pid	pid_target	process	target process
2016	2044	WerFault.exe	regsvr32.exe

Suspicious use of WriteProcessMemory 11 IoCs

Processes:

regsvr32.exeregsvr32.exe

description	pid	process	target process
PID 2032 wrote to memory of 2044	2032	regsvr32.exe	regsvr32.exe
PID 2032 wrote to memory of 2044	2032	regsvr32.exe	regsvr32.exe
PID 2032 wrote to memory of 2044	2032	regsvr32.exe	regsvr32.exe
PID 2032 wrote to memory of 2044	2032	regsvr32.exe	regsvr32.exe
PID 2032 wrote to memory of 2044	2032	regsvr32.exe	regsvr32.exe
PID 2032 wrote to memory of 2044	2032	regsvr32.exe	regsvr32.exe
PID 2032 wrote to memory of 2044	2032	regsvr32.exe	regsvr32.exe
PID 2044 wrote to memory of 2016	2044	regsvr32.exe	WerFault.exe
PID 2044 wrote to memory of 2016	2044	regsvr32.exe	WerFault.exe
PID 2044 wrote to memory of 2016	2044	regsvr32.exe	WerFault.exe
PID 2044 wrote to memory of 2016	2044	regsvr32.exe	WerFault.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\b42618a418af2ee3fc0606c56bbec119b22b8f59e0f6a24356a28e9c91517b47.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2032

C:\Windows\SysWOW64\regsvr32.exe
/s C:\Users\Admin\AppData\Local\Temp\b42618a418af2ee3fc0606c56bbec119b22b8f59e0f6a24356a28e9c91517b47.dll
2⤵
- Suspicious use of WriteProcessMemory
PID:2044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2044 -s 348
3⤵
- Program crash
PID:2016