e71d84a487d7dcaaca6ee0df95ad58b944ceecf38aab006223b84117e04be4cb

Analysis

max time kernel
154s
max time network
157s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
25/12/2023, 20:37

Target

3bced30e57d97102f6ef472d353c58c0.dll
Size

87KB
MD5

3bced30e57d97102f6ef472d353c58c0
SHA1

748579626f2456596889437233e9ea7c05177d97
SHA256

e71d84a487d7dcaaca6ee0df95ad58b944ceecf38aab006223b84117e04be4cb
SHA512

61e84dfd78f8e42b76942cd5016cd4d294f11e4a4436b8e13965b284511640967bc97570ffcb5d86fc9dbfb81d7c8d50895e5cf4c3af4a6ec02aec03b075f862
SSDEEP

1536:cVT9sysnpMsa2CpvErMA5VsUO5+rZbSkCXw9+HH5mmjQ01SiRoEW6qztygqq0u:krsnpMF9AMCVnO5+Ntn9+Q0FqEBqBnq0

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
4780	3368	WerFault.exe	89

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3520 wrote to memory of 3368	3520	regsvr32.exe	89
PID 3520 wrote to memory of 3368	3520	regsvr32.exe	89
PID 3520 wrote to memory of 3368	3520	regsvr32.exe	89

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\3bced30e57d97102f6ef472d353c58c0.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:3520
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\3bced30e57d97102f6ef472d353c58c0.dll
  2⤵
  PID:3368
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3368 -s 608
    3⤵
    - Program crash
    PID:4780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 3368 -ip 3368
1⤵
PID:1188

memory/3368-0-0x0000000010000000-0x0000000010076000-memory.dmp

Filesize
472KB

Download