1379ef5a6dade7acfc9507304792c90636f4c1f8591daf3752a66b84e4f7a0e1

Analysis

max time kernel
263s
max time network
373s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
02/12/2022, 00:52

Target

1379ef5a6dade7acfc9507304792c90636f4c1f8591daf3752a66b84e4f7a0e1.dll
Size

88KB
MD5

4dc29dc660fd8d71b9ecf0c47b94f15a
SHA1

63e4ce9d8cbd5c7ac4e73274dae557b085621a52
SHA256

1379ef5a6dade7acfc9507304792c90636f4c1f8591daf3752a66b84e4f7a0e1
SHA512

a934132b7275b340a1c07bdda8ff78ad552c91c3d2d331cef635577ed6ddd7cb79db476f7ce0273ab2645e14ab6abf5e2ea59ce55d813099756b8eec0c24ea3a
SSDEEP

1536:qYrZgRm508XtI+pbKE29Q/IamVbJKvFiRui24I:zraRa0oIB72/IRbJKNW2d

Score

8^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/728-133-0x0000000010000000-0x0000000010025000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2784 wrote to memory of 728	2784	rundll32.exe	80
PID 2784 wrote to memory of 728	2784	rundll32.exe	80
PID 2784 wrote to memory of 728	2784	rundll32.exe	80

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1379ef5a6dade7acfc9507304792c90636f4c1f8591daf3752a66b84e4f7a0e1.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2784
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\1379ef5a6dade7acfc9507304792c90636f4c1f8591daf3752a66b84e4f7a0e1.dll,#1
  2⤵
  PID:728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 728 -ip 728
1⤵
PID:1492

memory/728-133-0x0000000010000000-0x0000000010025000-memory.dmp

Filesize
148KB

Download