0b2959c9d85c42b525388455dad0aa7bc4a779e14adc125f9055de30c8adb33f

Analysis

max time kernel
141s
max time network
169s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
30/12/2023, 02:51

Target

0c3194edd02f9200ef3e95cc880205b7.dll
Size

227KB
MD5

0c3194edd02f9200ef3e95cc880205b7
SHA1

b5a7489eaa9eb984dcd693fed7f86d5a0018b941
SHA256

0b2959c9d85c42b525388455dad0aa7bc4a779e14adc125f9055de30c8adb33f
SHA512

95e43f9e03d23d51a782c3c7aa8e27ff3e773250a6887bcbfc6ee6087521017c0d7c89319dad1c1d9b39b4533d45471b57de60db38687168b9f8778fffbf7987
SSDEEP

6144:xlhrmtunWolM1xLv0LtXr3O9tK2mwhcrBRMv56Pb2tsJL:xlEd7LsLtXrw3hABR256ks

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
3524	1988	WerFault.exe	91

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1952 wrote to memory of 1988	1952	regsvr32.exe	91
PID 1952 wrote to memory of 1988	1952	regsvr32.exe	91
PID 1952 wrote to memory of 1988	1952	regsvr32.exe	91

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\0c3194edd02f9200ef3e95cc880205b7.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:1952
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\0c3194edd02f9200ef3e95cc880205b7.dll
  2⤵
  PID:1988
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1988 -s 680
    3⤵
    - Program crash
    PID:3524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 456 -p 1988 -ip 1988
1⤵
PID:4892

memory/1988-0-0x00000000005E0000-0x000000000066C000-memory.dmp

Filesize
560KB

Download