5a23b6dcbddc0dd13c26ce0d76d27b43d5cc57f107d61d303b0c4d8030a55984

Analysis

max time kernel
151s
max time network
178s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
30/12/2023, 00:14

Target

082bf5c4b1ebd6dff9b76e3e0787afea.dll
Size

85KB
MD5

082bf5c4b1ebd6dff9b76e3e0787afea
SHA1

952cbe9364efadb2cce630b5f91da4883c0b784e
SHA256

5a23b6dcbddc0dd13c26ce0d76d27b43d5cc57f107d61d303b0c4d8030a55984
SHA512

660eef9b5ef67a47351acd44f6e731910bf65b357b3ae4086de73e2c9519372afb381bb70b445ff46e91a75f3cc647ba7d973fc57babb849419830304a4e09b1
SSDEEP

1536:PWMbzeRDuFA2AsTwvJkhNw1tsz4rbaZo5lXoUn/Bn8xg5iWqUQEYJHnSAho:PSuq2tEvShNGtszUbt//B8xd9ppSQo

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
4392	4656	WerFault.exe	91

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3376 wrote to memory of 4656	3376	regsvr32.exe	91
PID 3376 wrote to memory of 4656	3376	regsvr32.exe	91
PID 3376 wrote to memory of 4656	3376	regsvr32.exe	91

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\082bf5c4b1ebd6dff9b76e3e0787afea.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:3376
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\082bf5c4b1ebd6dff9b76e3e0787afea.dll
  2⤵
  PID:4656
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4656 -s 596
    3⤵
    - Program crash
    PID:4392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 360 -p 4656 -ip 4656
1⤵
PID:4176

memory/4656-0-0x0000000000400000-0x0000000000443000-memory.dmp

Filesize
268KB

Download
memory/4656-1-0x0000000000400000-0x0000000000443000-memory.dmp

Filesize
268KB

Download