ec6cc959c8c2470b1259cb7a1df1e20ea64e9bd2f64711c0a9b7a79538b03fd8

Analysis

max time kernel
92s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
28/01/2024, 12:16

Target

7d1a786bc04da5b5eef939c6ed2d1d95.dll
Size

82KB
MD5

7d1a786bc04da5b5eef939c6ed2d1d95
SHA1

032c37df450b20b68b1c739b4fc593e53653c5f7
SHA256

ec6cc959c8c2470b1259cb7a1df1e20ea64e9bd2f64711c0a9b7a79538b03fd8
SHA512

b0f6c3921c2d62c193d9ad38ef1473f5280b8b064fd3ab1a2692bef77aa0df7f7dca97653ee77ce095a6d0b7d73664b0789d110974243712ea04734e563e92cb
SSDEEP

1536:NbtlXgxiJZuKAqQM1vcbIQyI5AKr85RiukxnY2MzI0uKt:NvXtZuURcbIe2kqPzI0uO

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
4680	1720	WerFault.exe	84

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3348 wrote to memory of 1720	3348	regsvr32.exe	84
PID 3348 wrote to memory of 1720	3348	regsvr32.exe	84
PID 3348 wrote to memory of 1720	3348	regsvr32.exe	84

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\7d1a786bc04da5b5eef939c6ed2d1d95.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:3348
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\7d1a786bc04da5b5eef939c6ed2d1d95.dll
  2⤵
  PID:1720
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1720 -s 596
    3⤵
    - Program crash
    PID:4680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 428 -p 1720 -ip 1720
1⤵
PID:4068

memory/1720-0-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download