a594a99645446611310c058a1ead316daac516142cb2d3ed4bed21f6011922f4

Analysis

max time kernel
91s
max time network
129s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
20/10/2022, 06:28

Target

a594a99645446611310c058a1ead316daac516142cb2d3ed4bed21f6011922f4.dll
Size

97KB
MD5

818ce8100aa2f8f1fa6470a7f401e4cf
SHA1

b8414f48a0373c0b060e7f0fcfd121447292d43f
SHA256

a594a99645446611310c058a1ead316daac516142cb2d3ed4bed21f6011922f4
SHA512

eb6c1a17aee88929803442663827ae1d4152c2f180126cc07bda7f403f575a69ce7ace9ffcea876dca46f6641bf2c7336384d378637538652e2c337fc3e1b4fb
SSDEEP

1536:VhAln6fjYuvecH19znu3dFlTd8UuCBmQ+u+sK8pnBGeB3sRpD:O6fVvrVhelBoLGnBGeBq

Score

8^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/3252-136-0x0000000010000000-0x000000001000D000-memory.dmp	upx

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1472	3252	WerFault.exe	83

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1968 wrote to memory of 3252	1968	rundll32.exe	83
PID 1968 wrote to memory of 3252	1968	rundll32.exe	83
PID 1968 wrote to memory of 3252	1968	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\a594a99645446611310c058a1ead316daac516142cb2d3ed4bed21f6011922f4.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1968
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\a594a99645446611310c058a1ead316daac516142cb2d3ed4bed21f6011922f4.dll,#1
  2⤵
  PID:3252
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3252 -s 572
    3⤵
    - Program crash
    PID:1472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 440 -p 3252 -ip 3252
1⤵
PID:2804

memory/3252-136-0x0000000010000000-0x000000001000D000-memory.dmp

Filesize
52KB

Download