7ecd436a18f9611c05ddd1632eacf1d60f8082584db3d302524a1b1253ab4385

Analysis

max time kernel
93s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
27-01-2024 17:21

Target

7ad42243269b5b2dc8bef9fd974747ff.dll
Size

82KB
MD5

7ad42243269b5b2dc8bef9fd974747ff
SHA1

9f3ed77c45e8ac5e8e9042433049543560651ea0
SHA256

7ecd436a18f9611c05ddd1632eacf1d60f8082584db3d302524a1b1253ab4385
SHA512

ac7f4e215004e11679fed7e14240e3d1f7a9396b768eec601a2eeaf7815792da05032c5da7a90c20f31913f4d5544cb31a21d50fb628856a4c50f3c772c93267
SSDEEP

1536:U9fM4ItmqbAv03vL8euSUV62Lf3P77Ohi4IIAVHeXFck+TX0vSJQv712Lt:CEPMGuST2LfDiXa0aev712Lt

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2012	540	WerFault.exe	85

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4080 wrote to memory of 540	4080	regsvr32.exe	85
PID 4080 wrote to memory of 540	4080	regsvr32.exe	85
PID 4080 wrote to memory of 540	4080	regsvr32.exe	85

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\7ad42243269b5b2dc8bef9fd974747ff.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:4080
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\7ad42243269b5b2dc8bef9fd974747ff.dll
  2⤵
  PID:540
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 540 -s 608
    3⤵
    - Program crash
    PID:2012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 540 -ip 540
1⤵
PID:4100

memory/540-0-0x0000000000400000-0x000000000043F000-memory.dmp

Filesize
252KB

Download