04565c14e9bbcb3673f8f3cc0d56f8a722e3a258c6e5afd53e93e7f2152db2a9

Analysis

max time kernel
138s
max time network
127s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
14/03/2024, 18:37

Target

c952b028c7323de8ba538cc0b2fd9cd9.dll
Size

158KB
MD5

c952b028c7323de8ba538cc0b2fd9cd9
SHA1

260f22ecbbad953ebea9be870a2ae08ea42fa447
SHA256

04565c14e9bbcb3673f8f3cc0d56f8a722e3a258c6e5afd53e93e7f2152db2a9
SHA512

603883932f886fc3315fb586b398eab78fdb3a63e4e91815e2218a15e77dac1d4789ab2cab105843c06e35a46e5ca30fa59f543af3fe3bcfca12518bc15737b3
SSDEEP

1536:VXcyvW4PmSmJfGzF/6WjSkNxnYuzKAVhBwUAvjgRF8zu4dZ14neSfBKHJr44WjSm:WUWImVS5Pr6vkBnAWKp8lr

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
4972	3224	WerFault.exe	88

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 932 wrote to memory of 3224	932	regsvr32.exe	88
PID 932 wrote to memory of 3224	932	regsvr32.exe	88
PID 932 wrote to memory of 3224	932	regsvr32.exe	88

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\c952b028c7323de8ba538cc0b2fd9cd9.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:932
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\c952b028c7323de8ba538cc0b2fd9cd9.dll
  2⤵
  PID:3224
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3224 -s 608
    3⤵
    - Program crash
    PID:4972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 448 -p 3224 -ip 3224
1⤵
PID:4476

memory/3224-0-0x0000000000400000-0x0000000000443000-memory.dmp

Filesize
268KB

Download