72b2a44b468f442b9dbde86bf33c36fb83530bc3dd8efc76d9c2321e7b6cfe3a

Analysis

max time kernel
151s
max time network
159s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
01/12/2022, 10:19

Target

72b2a44b468f442b9dbde86bf33c36fb83530bc3dd8efc76d9c2321e7b6cfe3a.dll
Size

16KB
MD5

c2477c2061085f10d7446db144e591b0
SHA1

42b46422d89865cd38524976428bff1b88b93b86
SHA256

72b2a44b468f442b9dbde86bf33c36fb83530bc3dd8efc76d9c2321e7b6cfe3a
SHA512

644857fcb060b778ceb47c4db1387184043d7bd28412dd4e52d68892b0a5678067f08d25d7f13ccb96603ccda9fb19969f9bc3dd1ee78e161f3bec054c6fb2a7
SSDEEP

384:S9a7L+KQ6B1WiXZopmPgzXmRYElh1LB9RTlnXLRbzlQ9:SYW6rGpUIJmLNlXFbq

Score

8^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/3136-133-0x0000000010000000-0x000000001000F000-memory.dmp	upx

Program crash 1 IoCs

pid	pid_target	Process	procid_target
4696	3136	WerFault.exe	78

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2820 wrote to memory of 3136	2820	rundll32.exe	78
PID 2820 wrote to memory of 3136	2820	rundll32.exe	78
PID 2820 wrote to memory of 3136	2820	rundll32.exe	78

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\72b2a44b468f442b9dbde86bf33c36fb83530bc3dd8efc76d9c2321e7b6cfe3a.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2820
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\72b2a44b468f442b9dbde86bf33c36fb83530bc3dd8efc76d9c2321e7b6cfe3a.dll,#1
  2⤵
  PID:3136
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3136 -s 600
    3⤵
    - Program crash
    PID:4696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 3136 -ip 3136
1⤵
PID:4880

memory/3136-133-0x0000000010000000-0x000000001000F000-memory.dmp

Filesize
60KB

Download