94f9457e3060fece1d0a336380c232f0f60f88abdf34b83c0b67eb63205b495a

Analysis

max time kernel
145s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
30/12/2023, 06:24

Target

10fe7924cadfc3c6dc2ea165be7e3ea2.dll
Size

14KB
MD5

10fe7924cadfc3c6dc2ea165be7e3ea2
SHA1

eeae99690d21353bf57c80743dacd8aa5e0abe07
SHA256

94f9457e3060fece1d0a336380c232f0f60f88abdf34b83c0b67eb63205b495a
SHA512

3d4e3d7dd842ab9f450152f03dc3c3671abe2cad047d72cb469f4ade9c51ea2a2d00679458ebaa5649fa417aa68296357b941bd4059f29d3ef6db3d2888d1f37
SSDEEP

192:nrXM26Fzt/Qz9ASPbPoi1ELH+uZLp7oCpEj4R/TEuZjzeyDh5pXqccOW8sbWIAK:j7udQAGPoi1liblxtDhvXEOW8sbW2

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1128	2792	WerFault.exe	88

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2808 wrote to memory of 2792	2808	regsvr32.exe	88
PID 2808 wrote to memory of 2792	2808	regsvr32.exe	88
PID 2808 wrote to memory of 2792	2808	regsvr32.exe	88

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\10fe7924cadfc3c6dc2ea165be7e3ea2.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2808
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\10fe7924cadfc3c6dc2ea165be7e3ea2.dll
  2⤵
  PID:2792
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2792 -s 624
    3⤵
    - Program crash
    PID:1128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 2792 -ip 2792
1⤵
PID:1352

memory/2792-0-0x0000000000970000-0x000000000097E000-memory.dmp

Filesize
56KB

Download