ad9a6cc3de92a4a5ecd005e621ea2cdbf126c5635c3e4571af46017189fcf1eb

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
23-05-2024 01:50

Target

ad9a6cc3de92a4a5ecd005e621ea2cdbf126c5635c3e4571af46017189fcf1eb.exe
Size

107KB
MD5

24647c6d251b36108a846d0e2726a60b
SHA1

9e7519963402aefb54f8f58e0d0228bdf9454501
SHA256

ad9a6cc3de92a4a5ecd005e621ea2cdbf126c5635c3e4571af46017189fcf1eb
SHA512

f387590002db6c29d7023c819b5a637cb92b68fe5619782ef9fa7e90c5af817457c9cdb724656cd79b9d7e0b513d900ee75a8d822ab4dd4a9ef58743cc8afa4a
SSDEEP

3072:REhLjKX6CnK4cT6HKBmg0crZA2fdmpmthmfp:WjKVcWvcri2fdKL

Score

3^/10

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

1244 1684 WerFault.exe regsvr32.exe

pid	pid_target	process	target process
1244	1684	WerFault.exe	regsvr32.exe

Suspicious use of WriteProcessMemory 11 IoCs

Processes:

regsvr32.exeregsvr32.exe

description	pid	process	target process
PID 2240 wrote to memory of 1684	2240	regsvr32.exe	regsvr32.exe
PID 2240 wrote to memory of 1684	2240	regsvr32.exe	regsvr32.exe
PID 2240 wrote to memory of 1684	2240	regsvr32.exe	regsvr32.exe
PID 2240 wrote to memory of 1684	2240	regsvr32.exe	regsvr32.exe
PID 2240 wrote to memory of 1684	2240	regsvr32.exe	regsvr32.exe
PID 2240 wrote to memory of 1684	2240	regsvr32.exe	regsvr32.exe
PID 2240 wrote to memory of 1684	2240	regsvr32.exe	regsvr32.exe
PID 1684 wrote to memory of 1244	1684	regsvr32.exe	WerFault.exe
PID 1684 wrote to memory of 1244	1684	regsvr32.exe	WerFault.exe
PID 1684 wrote to memory of 1244	1684	regsvr32.exe	WerFault.exe
PID 1684 wrote to memory of 1244	1684	regsvr32.exe	WerFault.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\ad9a6cc3de92a4a5ecd005e621ea2cdbf126c5635c3e4571af46017189fcf1eb.exe
1⤵
- Suspicious use of WriteProcessMemory
PID:2240

C:\Windows\SysWOW64\regsvr32.exe
/s C:\Users\Admin\AppData\Local\Temp\ad9a6cc3de92a4a5ecd005e621ea2cdbf126c5635c3e4571af46017189fcf1eb.exe
2⤵
- Suspicious use of WriteProcessMemory
PID:1684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1684 -s 292
3⤵
- Program crash
PID:1244