0d61c6fb6c1d291d4403084f82e5a862dd290d39ec52acabd1eeed91880d8f9e

Analysis

max time kernel
122s
max time network
127s
platform
windows7_x64
resource
win7-20230712-en
resource tags

arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
submitted
30/08/2023, 03:25

Target

0d61c6fb6c1d291d4403084f82e5a862dd290d39ec52acabd1eeed91880d8f9e.dll
Size

131KB
MD5

a1e5a151551020715a7e9b0701c38885
SHA1

c02a61a7a0730c9f4913a2390b6b3c373ed6e5a7
SHA256

0d61c6fb6c1d291d4403084f82e5a862dd290d39ec52acabd1eeed91880d8f9e
SHA512

ca3466ecb4ec4ecbd8ca62660fcc418c18b541f17894a943b4c5e3b1d3df56edb400c9f7d451e2b052b39cbccfdd4668587de88da35ab36c64048b4942ca2b6c
SSDEEP

1536:Q/G/ZpZoBP+l48ZInnDFU1lgvvCf2i2u+JWEnc7moI+CNNumb:Q+BpmR+l48ZInW+af2isJWEnc81b

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2652	1892	WerFault.exe	28

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 1424 wrote to memory of 1892	1424	regsvr32.exe	28
PID 1424 wrote to memory of 1892	1424	regsvr32.exe	28
PID 1424 wrote to memory of 1892	1424	regsvr32.exe	28
PID 1424 wrote to memory of 1892	1424	regsvr32.exe	28
PID 1424 wrote to memory of 1892	1424	regsvr32.exe	28
PID 1424 wrote to memory of 1892	1424	regsvr32.exe	28
PID 1424 wrote to memory of 1892	1424	regsvr32.exe	28
PID 1892 wrote to memory of 2652	1892	regsvr32.exe	29
PID 1892 wrote to memory of 2652	1892	regsvr32.exe	29
PID 1892 wrote to memory of 2652	1892	regsvr32.exe	29
PID 1892 wrote to memory of 2652	1892	regsvr32.exe	29

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\0d61c6fb6c1d291d4403084f82e5a862dd290d39ec52acabd1eeed91880d8f9e.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:1424
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\0d61c6fb6c1d291d4403084f82e5a862dd290d39ec52acabd1eeed91880d8f9e.dll
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1892
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1892 -s 296
    3⤵
    - Program crash
    PID:2652