34ffe8262186301ca76d979389a5397412b07ff5aa70113bf34825c73044a047

Analysis

max time kernel
147s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
30/12/2023, 07:12

Target

11d84fee88430b0f4b420208b698d580.dll
Size

158KB
MD5

11d84fee88430b0f4b420208b698d580
SHA1

48adfd4be408a7c1e5b2a094be579513e07b3b3c
SHA256

34ffe8262186301ca76d979389a5397412b07ff5aa70113bf34825c73044a047
SHA512

5b9a18e1884a9029e75143de418f5852a90a851227a76065800a911f2b28c06a4ee2ba312c842959a0f3a2d8aad1574ea4b10546d0e71be6e9db2391b6b38804
SSDEEP

1536:B4yU+03sZR52rhjEN3cpdzXtFCahyuOoUeBV/78seOmd9UWB3Rcwbdz:B4yU+osZURENWNXXrUezA5Rdb3pN

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
4872	2844	WerFault.exe	88

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3912 wrote to memory of 2844	3912	regsvr32.exe	88
PID 3912 wrote to memory of 2844	3912	regsvr32.exe	88
PID 3912 wrote to memory of 2844	3912	regsvr32.exe	88

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\11d84fee88430b0f4b420208b698d580.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:3912
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\11d84fee88430b0f4b420208b698d580.dll
  2⤵
  PID:2844
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2844 -s 596
    3⤵
    - Program crash
    PID:4872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 360 -p 2844 -ip 2844
1⤵
PID:3888

memory/2844-0-0x0000000000400000-0x0000000000443000-memory.dmp

Filesize
268KB

Download