7e4e77db2523a155016a0319b2ebf7446f4f4a3389d39c8c44396decf9be76c7

Analysis

max time kernel
150s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
07/01/2024, 17:08

Target

49905ed9c8ebf3ab818a81115249ebfe.dll
Size

87KB
MD5

49905ed9c8ebf3ab818a81115249ebfe
SHA1

fde93b8992f69ec2e48f63c79ab126ff5e8497b5
SHA256

7e4e77db2523a155016a0319b2ebf7446f4f4a3389d39c8c44396decf9be76c7
SHA512

59ea27156c1c3f7860b036c2c473a1a2c2770712c68392736b6db6678ba855c83e914d2a82a6e10cf274bc2c3826cc570c2bd011bdb147d6b345e3362f47b089
SSDEEP

1536:vFmQF67IwvZ4Aisapc+HEsvNQCJIf4cMTXEYZPEwinNiZPh9Ar7wcZ:MewdiXLzQCJIf4czYZPEwinIth27B

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
4636	3708	WerFault.exe	89

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2536 wrote to memory of 3708	2536	regsvr32.exe	89
PID 2536 wrote to memory of 3708	2536	regsvr32.exe	89
PID 2536 wrote to memory of 3708	2536	regsvr32.exe	89

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\49905ed9c8ebf3ab818a81115249ebfe.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2536
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\49905ed9c8ebf3ab818a81115249ebfe.dll
  2⤵
  PID:3708
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3708 -s 580
    3⤵
    - Program crash
    PID:4636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 432 -p 3708 -ip 3708
1⤵
PID:2060

memory/3708-0-0x0000000000400000-0x0000000000444000-memory.dmp

Filesize
272KB

Download