ce06a26920c0d1d80b5b06717b4e075fb710d88075b6f944747936eac92acb00

Analysis

max time kernel
154s
max time network
167s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
03/12/2022, 17:50

Target

ce06a26920c0d1d80b5b06717b4e075fb710d88075b6f944747936eac92acb00.dll
Size

16KB
MD5

01c09d87499751c657c33b2276abda90
SHA1

70afbf307946ef3ca26360930e4fa090b9df730e
SHA256

ce06a26920c0d1d80b5b06717b4e075fb710d88075b6f944747936eac92acb00
SHA512

e83f4816299e0f94b86b56f11ced2c4b8e80125aee1a49b4801a9ed2b0e904cd9e6d96fac7a88f9aaabe57893e4546ee84fa27cacd6aece2b1e003eef97f28b4
SSDEEP

384:S9a7L+KQ6B1WiXZopmPgzXmRYElh1LB9RTlnXLRbzlK:SYW6rGpUIJmLNlXFbE

Score

8^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/3716-133-0x0000000010000000-0x000000001000F000-memory.dmp	upx

Program crash 1 IoCs

pid	pid_target	Process	procid_target
4504	3716	WerFault.exe	79

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3956 wrote to memory of 3716	3956	rundll32.exe	79
PID 3956 wrote to memory of 3716	3956	rundll32.exe	79
PID 3956 wrote to memory of 3716	3956	rundll32.exe	79

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ce06a26920c0d1d80b5b06717b4e075fb710d88075b6f944747936eac92acb00.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3956
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\ce06a26920c0d1d80b5b06717b4e075fb710d88075b6f944747936eac92acb00.dll,#1
  2⤵
  PID:3716
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3716 -s 600
    3⤵
    - Program crash
    PID:4504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 3716 -ip 3716
1⤵
PID:1352

memory/3716-133-0x0000000010000000-0x000000001000F000-memory.dmp

Filesize
60KB

Download