3f812f1c8f7b16e7cd36d4366134232e560398ef9cdfb66218fc551378e4ab27

Analysis

max time kernel
147s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
12/10/2022, 16:57

Target

3f812f1c8f7b16e7cd36d4366134232e560398ef9cdfb66218fc551378e4ab27.dll
Size

94KB
MD5

595f6335fbaa81038533cf0b43375b41
SHA1

8baa187cf8cd08c6786b8b2f5c1589c0a2094c76
SHA256

3f812f1c8f7b16e7cd36d4366134232e560398ef9cdfb66218fc551378e4ab27
SHA512

e3cafb18b3e57f4482ccccdc90f5d1cd1034b2b8764489491c4e95c0932c340ebb0cc8fb39f8de46627924c9fe277a5f15f619459c74ab3a2c86c5cfc5a0584c
SSDEEP

1536:dC42owFQhOndUNOyTV0Xvn8RPpPEzA/7tK9i3y8/Pmgz+amTOwrPVsEP4awac:dFhw9d6TQ8sA/7U9axJzfZwrNsEnM

Score

8^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/4904-133-0x0000000010000000-0x000000001000F000-memory.dmp	upx

Program crash 1 IoCs

pid	pid_target	Process	procid_target
4820	4904	WerFault.exe	82

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4960 wrote to memory of 4904	4960	rundll32.exe	82
PID 4960 wrote to memory of 4904	4960	rundll32.exe	82
PID 4960 wrote to memory of 4904	4960	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3f812f1c8f7b16e7cd36d4366134232e560398ef9cdfb66218fc551378e4ab27.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4960
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\3f812f1c8f7b16e7cd36d4366134232e560398ef9cdfb66218fc551378e4ab27.dll,#1
  2⤵
  PID:4904
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4904 -s 572
    3⤵
    - Program crash
    PID:4820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 448 -p 4904 -ip 4904
1⤵
PID:4856

memory/4904-133-0x0000000010000000-0x000000001000F000-memory.dmp

Filesize
60KB

Download