25f6cc801356eda5867985563568479adcef91081357c6ea856cf3cde0429590

Analysis

max time kernel
62s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
27/09/2022, 16:20

Target

SecuriteInfo.com.Malware.Heuristic.1003.23418.15608.dll
Size

382KB
MD5

02605d55a641f680a7315dd39f15f3e1
SHA1

7345287276dfeac8f2e59150a46d179e23211c4b
SHA256

25f6cc801356eda5867985563568479adcef91081357c6ea856cf3cde0429590
SHA512

bbfff8c8b3578e33983be898846939f3edead325be971bb50d986bb5d98312e14464651dabbdb4efb100ade66807188c08c7b150b66fa59439f8f3354f0dae3b
SSDEEP

6144:fdf8gqytoR7bb6DCRnLs8G9jCxM48U7Z3VXtlyk387Ra4bJSDwq0SC0mfRMyH/6B:fdfHt4b6O5Ls8G994R7ZFXPP387Ra4ba

Score

8^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/1328-133-0x0000000074F00000-0x0000000074FE8000-memory.dmp	upx

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1952	1328	WerFault.exe	81

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1308 wrote to memory of 1328	1308	rundll32.exe	81
PID 1308 wrote to memory of 1328	1308	rundll32.exe	81
PID 1308 wrote to memory of 1328	1308	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Malware.Heuristic.1003.23418.15608.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1308
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Malware.Heuristic.1003.23418.15608.dll,#1
  2⤵
  PID:1328
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1328 -s 600
    3⤵
    - Program crash
    PID:1952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 1328 -ip 1328
1⤵
PID:4344

memory/1328-133-0x0000000074F00000-0x0000000074FE8000-memory.dmp

Filesize
928KB

Download