a542a17b31e089c77673581a7dda54b934456931fe4c263c9fd9bbcf308c4cfc

Analysis

max time kernel
44s
max time network
48s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
03-12-2022 17:51

Target

a542a17b31e089c77673581a7dda54b934456931fe4c263c9fd9bbcf308c4cfc.dll
Size

16KB
MD5

237a92fe8ab50e38520aa2d596d96910
SHA1

ab72b9aa94b14426731d8e7b540a4240c0260dc8
SHA256

a542a17b31e089c77673581a7dda54b934456931fe4c263c9fd9bbcf308c4cfc
SHA512

02c7db07e5a3f8a8439e214cfce1476cd7cb485d921c4a5eb1b22afc9356ed8109d7cad059dddea73e042d8bdd746111ae6a9ce8bff763d632e5186ba99ae8e1
SSDEEP

384:S9a7L+KQ6B1WiXZopmPgzXmRYElh1LB9RTlnXLRbzlpGS:SYW6rGpUIJmLNlXFbuS

Score

8^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/1080-57-0x0000000010000000-0x000000001000F000-memory.dmp	upx

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2044	1080	WerFault.exe	26

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 2016 wrote to memory of 1080	2016	rundll32.exe	26
PID 2016 wrote to memory of 1080	2016	rundll32.exe	26
PID 2016 wrote to memory of 1080	2016	rundll32.exe	26
PID 2016 wrote to memory of 1080	2016	rundll32.exe	26
PID 2016 wrote to memory of 1080	2016	rundll32.exe	26
PID 2016 wrote to memory of 1080	2016	rundll32.exe	26
PID 2016 wrote to memory of 1080	2016	rundll32.exe	26
PID 1080 wrote to memory of 2044	1080	rundll32.exe	27
PID 1080 wrote to memory of 2044	1080	rundll32.exe	27
PID 1080 wrote to memory of 2044	1080	rundll32.exe	27
PID 1080 wrote to memory of 2044	1080	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\a542a17b31e089c77673581a7dda54b934456931fe4c263c9fd9bbcf308c4cfc.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2016
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\a542a17b31e089c77673581a7dda54b934456931fe4c263c9fd9bbcf308c4cfc.dll,#1
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1080
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1080 -s 228
    3⤵
    - Program crash
    PID:2044

memory/1080-55-0x0000000075A71000-0x0000000075A73000-memory.dmp

Filesize
8KB

Download
memory/1080-57-0x0000000010000000-0x000000001000F000-memory.dmp

Filesize
60KB

Download