617f845935d428ecaf15057713f3d08a10f8257b90ee669a2afac591678bac30

Analysis

max time kernel
149s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
21/07/2024, 18:40

Target

Video Enhancerv2013汉化绿色破解版/!)卸载.bat
Size

79B
MD5

ad5226c6b2b439b55d102a0d8e9efad6
SHA1

9e7e40eba020afb2d59be4734117bbf50cd17ffa
SHA256

52250b951d46cdd84ff186d95ef65e681abb8124f5cfa1e447e921cf7171f752
SHA512

d8467e8f0d5cd1b8e7997561323d9519e70addbd5107894bb5ac69338b73ba936cc395657c78cfd42817210b2593810f9b8cbb95ce511b033987919e61890e44

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2104	1424	WerFault.exe	86

Suspicious use of WriteProcessMemory 5 IoCs

description	pid	Process	procid_target
PID 1832 wrote to memory of 1008	1832	cmd.exe	85
PID 1832 wrote to memory of 1008	1832	cmd.exe	85
PID 1008 wrote to memory of 1424	1008	regsvr32.exe	86
PID 1008 wrote to memory of 1424	1008	regsvr32.exe	86
PID 1008 wrote to memory of 1424	1008	regsvr32.exe	86

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\Video Enhancerv2013汉化绿色破解版\!)卸载.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:1832
- C:\Windows\system32\regsvr32.exe
  regsvr32 /u /s SR.ax VDFilter.ax Parallelizer.ax VIH.ax aviwr.ax skinengine.dll
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1008
- - C:\Windows\SysWOW64\regsvr32.exe
    /u /s SR.ax VDFilter.ax Parallelizer.ax VIH.ax aviwr.ax skinengine.dll
    3⤵
    PID:1424
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1424 -s 792
      4⤵
      Program crash
      PID:2104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 368 -p 1424 -ip 1424
1⤵
PID:3660

memory/1424-0-0x0000000000400000-0x000000000055D000-memory.dmp

Filesize
1.4MB

Download
memory/1424-1-0x0000000000AF0000-0x0000000000AF2000-memory.dmp

Filesize
8KB

Download