477c0e835f54f533908959c2f69c95f2fbb602cb8ecb9d9c8ac21e7fe2c5e50b

Analysis

max time kernel
139s
max time network
124s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
12-01-2024 04:50

Target

5588a59f273f12ad1ef22b81fb2749b2.dll
Size

48KB
MD5

5588a59f273f12ad1ef22b81fb2749b2
SHA1

a50d00bc05e1cdc3b08c2b1129558b6e6740117f
SHA256

477c0e835f54f533908959c2f69c95f2fbb602cb8ecb9d9c8ac21e7fe2c5e50b
SHA512

3f4b9d993b042d78db714d8c978ec5dfe13b1f95575d4740aeee71624e8299c6daef376cdb4f44d04efa6e9f7ab3f6cf170b4850f77e49291c061502ff987104
SSDEEP

768:3p7tT126t032rgLlg2IpdrevYSEbAZsY0jH6faXFJWVMvxYY4jI/IVJCjh:57tTc6r2lghdivYSEkEt1BR4E/Ljh

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
3116	5072	WerFault.exe	87

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4420 wrote to memory of 5072	4420	regsvr32.exe	87
PID 4420 wrote to memory of 5072	4420	regsvr32.exe	87
PID 4420 wrote to memory of 5072	4420	regsvr32.exe	87

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\5588a59f273f12ad1ef22b81fb2749b2.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:4420
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\5588a59f273f12ad1ef22b81fb2749b2.dll
  2⤵
  PID:5072
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 5072 -s 616
    3⤵
    - Program crash
    PID:3116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 5072 -ip 5072
1⤵
PID:4412