ad9a6cc3de92a4a5ecd005e621ea2cdbf126c5635c3e4571af46017189fcf1eb

Analysis

max time kernel
131s
max time network
123s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
23-05-2024 01:50

Target

ad9a6cc3de92a4a5ecd005e621ea2cdbf126c5635c3e4571af46017189fcf1eb.exe
Size

107KB
MD5

24647c6d251b36108a846d0e2726a60b
SHA1

9e7519963402aefb54f8f58e0d0228bdf9454501
SHA256

ad9a6cc3de92a4a5ecd005e621ea2cdbf126c5635c3e4571af46017189fcf1eb
SHA512

f387590002db6c29d7023c819b5a637cb92b68fe5619782ef9fa7e90c5af817457c9cdb724656cd79b9d7e0b513d900ee75a8d822ab4dd4a9ef58743cc8afa4a
SSDEEP

3072:REhLjKX6CnK4cT6HKBmg0crZA2fdmpmthmfp:WjKVcWvcri2fdKL

Score

3^/10

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

744 3772 WerFault.exe regsvr32.exe

pid	pid_target	process	target process
744	3772	WerFault.exe	regsvr32.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

regsvr32.exe

description	pid	process	target process
PID 212 wrote to memory of 3772	212	regsvr32.exe	regsvr32.exe
PID 212 wrote to memory of 3772	212	regsvr32.exe	regsvr32.exe
PID 212 wrote to memory of 3772	212	regsvr32.exe	regsvr32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\ad9a6cc3de92a4a5ecd005e621ea2cdbf126c5635c3e4571af46017189fcf1eb.exe
1⤵
- Suspicious use of WriteProcessMemory
PID:212

C:\Windows\SysWOW64\regsvr32.exe
/s C:\Users\Admin\AppData\Local\Temp\ad9a6cc3de92a4a5ecd005e621ea2cdbf126c5635c3e4571af46017189fcf1eb.exe
2⤵
PID:3772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3772 -s 600
3⤵
- Program crash
PID:744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 3772 -ip 3772
1⤵
PID:1628