88e1bfb47261141c91ce14007340f92209168bb6297caef10f9a1d5a11cba39a

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
31/12/2023, 00:29

Target

21c17b68d8be9a27620ce1368d2dae6f.dll
Size

80KB
MD5

21c17b68d8be9a27620ce1368d2dae6f
SHA1

d92f0a7d7ff54d08d66b541af95b0d0b2cb3f743
SHA256

88e1bfb47261141c91ce14007340f92209168bb6297caef10f9a1d5a11cba39a
SHA512

424d912ab16e901b394366559705c2b4901b116466115be2c5e7dd7813ad2cf38c6a2b507c747c2d6af68f3d9a08691fd8fabc988c9e499da81ccec3040294d7
SSDEEP

1536:qM7BuTE3mT7BAEI0gkrMKZGzJKw0tPrXTi450vvAAHImDAaOelxtlkGsdwd8j3eZ:PBwE3U7yipGzyXyvNoXaOIxtlkGwwG2

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
4968	2436	WerFault.exe	89

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 712 wrote to memory of 2436	712	regsvr32.exe	89
PID 712 wrote to memory of 2436	712	regsvr32.exe	89
PID 712 wrote to memory of 2436	712	regsvr32.exe	89

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\21c17b68d8be9a27620ce1368d2dae6f.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:712
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\21c17b68d8be9a27620ce1368d2dae6f.dll
  2⤵
  PID:2436
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2436 -s 608
    3⤵
    - Program crash
    PID:4968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 192 -p 2436 -ip 2436
1⤵
PID:4756

memory/2436-0-0x0000000000400000-0x0000000000441000-memory.dmp

Filesize
260KB

Download