d0e18c3539d3895eda8acf8f7ed733bf4c1d994b16318544b04a543a9c555685

Analysis

max time kernel
122s
max time network
122s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
31/12/2023, 07:32

Target

2d82ef0ea51b6884feee95fa59be6c15.exe
Size

332KB
MD5

2d82ef0ea51b6884feee95fa59be6c15
SHA1

4ac7d2fb3b4b2289dd005700372f334337fa1c65
SHA256

d0e18c3539d3895eda8acf8f7ed733bf4c1d994b16318544b04a543a9c555685
SHA512

ae55f02573761d6ff35fa303fde456c44cbaa72b54034a43c3981002119a1144bba74491fb1425798f9d81c9f0148960f2482c5c03bf2cf3476f81a0f3e3eddf
SSDEEP

6144:xbhLCmZHi88VLr7VOa+/U/AgzfkR8xS1ynnrvYOrwWjID:xdLtZHi8CLrQaylg+8xS1ynnrv9uD

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
3000	2996	WerFault.exe	16

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 2932 wrote to memory of 2996	2932	regsvr32.exe	16
PID 2932 wrote to memory of 2996	2932	regsvr32.exe	16
PID 2932 wrote to memory of 2996	2932	regsvr32.exe	16
PID 2932 wrote to memory of 2996	2932	regsvr32.exe	16
PID 2932 wrote to memory of 2996	2932	regsvr32.exe	16
PID 2932 wrote to memory of 2996	2932	regsvr32.exe	16
PID 2932 wrote to memory of 2996	2932	regsvr32.exe	16
PID 2996 wrote to memory of 3000	2996	regsvr32.exe	17
PID 2996 wrote to memory of 3000	2996	regsvr32.exe	17
PID 2996 wrote to memory of 3000	2996	regsvr32.exe	17
PID 2996 wrote to memory of 3000	2996	regsvr32.exe	17

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\2d82ef0ea51b6884feee95fa59be6c15.exe
1⤵
- Suspicious use of WriteProcessMemory
PID:2932
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\2d82ef0ea51b6884feee95fa59be6c15.exe
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2996
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2996 -s 292
    3⤵
    - Program crash
    PID:3000