2e43021e33da0158be55300148cba556d3ede3abf13cad6e6a1b72cbe2057fd5

Analysis

max time kernel
186s
max time network
190s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
24/11/2022, 06:10

Target

Vk.com 1.2.1/msvcr71.dll
Size

164KB
MD5

5776a4ef7f492636c052ae64b35bf4ce
SHA1

33f56f902e20ed138baa351f7446bf40abdd62c9
SHA256

42ded6072e28ed5394b0a832a0559b8e618490764f2490dbedcf7e5479537573
SHA512

829e286fd303577c2c6352c6279b084055f2bb772650f7b26d4b0a1c7c0185385ed8bde855fcc598c09ccd79ed92fcbf47537c7ea09786fddb6005dee3b9ae6d
SSDEEP

3072:HTXFhfsEYqkiQLJEYvkxEzUQ7F9aR35K/IGopf9W7lFiMl9Kd8w/FMciFdNINrbL:H7FhfsxqkiQaBEzUQ7363URGEsG9Kd8U

Score

8^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral4/memory/860-133-0x000000007C360000-0x000000007C3C0000-memory.dmp	upx

Program crash 1 IoCs

pid	pid_target	Process	procid_target
3716	860	WerFault.exe	83

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1960 wrote to memory of 860	1960	rundll32.exe	83
PID 1960 wrote to memory of 860	1960	rundll32.exe	83
PID 1960 wrote to memory of 860	1960	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Vk.com 1.2.1\msvcr71.dll",#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1960
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Vk.com 1.2.1\msvcr71.dll",#1
  2⤵
  PID:860
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 860 -s 608
    3⤵
    - Program crash
    PID:3716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 452 -p 860 -ip 860
1⤵
PID:2100

memory/860-133-0x000000007C360000-0x000000007C3C0000-memory.dmp

Filesize
384KB

Download