981dc09792ffc83d86e332eaf6ef18c2144be7ca8c22bacf6dd54b53f8729539

Analysis

max time kernel
149s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
08/01/2024, 03:44

Target

4a59cca94946a45af5388a3e0fdf4e2f.dll
Size

82KB
MD5

4a59cca94946a45af5388a3e0fdf4e2f
SHA1

bdf419710be83f89f9a13b17c5e15294faf5b612
SHA256

981dc09792ffc83d86e332eaf6ef18c2144be7ca8c22bacf6dd54b53f8729539
SHA512

c72a10aa2ddd841cf514e10a0ab5ce205a7aceaf092f58dc450c76155307bd157af1c039eaa83a3a41b593a2033a83716b7975e8da7471f4aa2e0053bd9ddaf4
SSDEEP

1536:GRBlut2jx2DBlgRBx/igyBR5atKq8n3i4e3xpNR6WvCyZpzbgv:GMSg+Rm35kKjbe3xTdpi

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1084	2040	WerFault.exe	15

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 5068 wrote to memory of 2040	5068	regsvr32.exe	15
PID 5068 wrote to memory of 2040	5068	regsvr32.exe	15
PID 5068 wrote to memory of 2040	5068	regsvr32.exe	15

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\4a59cca94946a45af5388a3e0fdf4e2f.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:5068
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\4a59cca94946a45af5388a3e0fdf4e2f.dll
  2⤵
  PID:2040
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2040 -s 596
    3⤵
    - Program crash
    PID:1084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 2040 -ip 2040
1⤵
PID:3500

memory/2040-0-0x00000000008D0000-0x000000000090E000-memory.dmp

Filesize
248KB

Download