77f5c93c8e566d5b9c334500fc79b0cf3ae898b263018672dc5dcf8c5032ac3e

Analysis

max time kernel
91s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
18-01-2024 03:18

Target

64553f0624e8bf15ce433c302905392a.dll
Size

128KB
MD5

64553f0624e8bf15ce433c302905392a
SHA1

a9fd6392eb9350953d09e0fb00ac62606ee20acc
SHA256

77f5c93c8e566d5b9c334500fc79b0cf3ae898b263018672dc5dcf8c5032ac3e
SHA512

5504d9eff9e000c4ed27e4d9bf97d20ea9f3c7b4bc889bc991c3a73b62a620b202eb667510c02d636d461a459fc073be90b3546977b1eb7860d2853e0c5d8cfb
SSDEEP

1536:ryqHQrqzXcoN+2TI+vdaCjYqBZkwuKoR7j3Ju/dkrwKW:l+G1NpNvdSq3kUy7j5WdkrwKW

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1068	4356	WerFault.exe	14

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1568 wrote to memory of 4356	1568	regsvr32.exe	14
PID 1568 wrote to memory of 4356	1568	regsvr32.exe	14
PID 1568 wrote to memory of 4356	1568	regsvr32.exe	14

C:\Windows\SysWOW64\regsvr32.exe
/s C:\Users\Admin\AppData\Local\Temp\64553f0624e8bf15ce433c302905392a.dll
1⤵
PID:4356
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4356 -s 636
  2⤵
  - Program crash
  PID:1068

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\64553f0624e8bf15ce433c302905392a.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:1568

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 424 -p 4356 -ip 4356
1⤵
PID:540

memory/4356-0-0x0000000000640000-0x0000000000660000-memory.dmp

Filesize
128KB

Download