b42618a418af2ee3fc0606c56bbec119b22b8f59e0f6a24356a28e9c91517b47

Analysis

max time kernel
118s
max time network
121s
platform
windows10-2004_x64
resource
win10v2004-20230221-en
resource tags

arch:x64arch:x86image:win10v2004-20230221-enlocale:en-usos:windows10-2004-x64system
submitted
22-02-2023 12:41

Target

b42618a418af2ee3fc0606c56bbec119b22b8f59e0f6a24356a28e9c91517b47.dll
Size

2.1MB
MD5

ebeb28c6b25088798a49f1d8fcc15e93
SHA1

15ea3e3e2f0dbc3daac3d87e3e87feb7b7c6859b
SHA256

b42618a418af2ee3fc0606c56bbec119b22b8f59e0f6a24356a28e9c91517b47
SHA512

7ee78c87b19fb4ffc06877dd2d2e5e6d229c9c295557ca77da5af8af6a1d9cf9f979418be90bd10c2ee605b65b329f0b00de48ce8718eb9c0375382fdb676a21
SSDEEP

49152:UK9imiZQ5V0i3fmpM/iP6dzvRN3YVuMtG:UK9dNXupMjN

Score

3^/10

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

732 5080 WerFault.exe regsvr32.exe

pid	pid_target	process	target process
732	5080	WerFault.exe	regsvr32.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

regsvr32.exe

description	pid	process	target process
PID 1008 wrote to memory of 5080	1008	regsvr32.exe	regsvr32.exe
PID 1008 wrote to memory of 5080	1008	regsvr32.exe	regsvr32.exe
PID 1008 wrote to memory of 5080	1008	regsvr32.exe	regsvr32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\b42618a418af2ee3fc0606c56bbec119b22b8f59e0f6a24356a28e9c91517b47.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:1008

C:\Windows\SysWOW64\regsvr32.exe
/s C:\Users\Admin\AppData\Local\Temp\b42618a418af2ee3fc0606c56bbec119b22b8f59e0f6a24356a28e9c91517b47.dll
2⤵
PID:5080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5080 -s 684
3⤵
- Program crash
PID:732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 464 -p 5080 -ip 5080
1⤵
PID:4976