3a875c92372d9e8bf522ec79fa97c0a2d93957116978ebc319cbc99fbc0839ae

Analysis

max time kernel
139s
max time network
121s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
25/12/2023, 15:39

Target

29f5d9b5cd66c9e7614130bf1acca06d.exe
Size

509KB
MD5

29f5d9b5cd66c9e7614130bf1acca06d
SHA1

1bcb097e8218447db876fdca9ade5d7fd541587e
SHA256

3a875c92372d9e8bf522ec79fa97c0a2d93957116978ebc319cbc99fbc0839ae
SHA512

353b51ad25b26be0e316e17fa1a66921ccded832a9376346795ea0d02a2cc36d2362486a82373da2c96e3549e582e3e7ca5f05c4e1acf556fb706f378725cf53
SSDEEP

12288:YCkBuHsZfYLyB9SqoKumDXh1al+hte5+tAL7LwOJ50UWpGtJxK:7HnqoKpXLaUygKPwob

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
3312	2788	WerFault.exe	15

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1752 wrote to memory of 2788	1752	regsvr32.exe	15
PID 1752 wrote to memory of 2788	1752	regsvr32.exe	15
PID 1752 wrote to memory of 2788	1752	regsvr32.exe	15

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\29f5d9b5cd66c9e7614130bf1acca06d.exe
1⤵
- Suspicious use of WriteProcessMemory
PID:1752
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\29f5d9b5cd66c9e7614130bf1acca06d.exe
  2⤵
  PID:2788
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2788 -s 600
    3⤵
    - Program crash
    PID:3312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 440 -p 2788 -ip 2788
1⤵
PID:2804