60f59a479158f2ca7215571d5302130dde59bf15fb7e932db03da48747c1b6b9

Analysis

max time kernel
41s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
03/12/2022, 17:53

Target

60f59a479158f2ca7215571d5302130dde59bf15fb7e932db03da48747c1b6b9.dll
Size

16KB
MD5

41d3955cedbfbb2ec44f642c6fd84ae0
SHA1

0c8a2622ba65e1775339267785bb0e5f7fee49a6
SHA256

60f59a479158f2ca7215571d5302130dde59bf15fb7e932db03da48747c1b6b9
SHA512

818abfcc77150a3092c0d81612ee316de483a93e2de66d162fc8281579a7ba73bf1a6f8a8ad60af14efc9988b83493a5b0aad6031fe24ae1e616245a5521f02e
SSDEEP

384:S9a7L+KQ6B1WiXZopmPgzXmRYElh1LB9RTlnXLRbzl3:SYW6rGpUIJmLNlXFb1

Score

8^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/788-57-0x0000000010000000-0x000000001000F000-memory.dmp	upx

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1620	788	WerFault.exe	28

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 1992 wrote to memory of 788	1992	rundll32.exe	28
PID 1992 wrote to memory of 788	1992	rundll32.exe	28
PID 1992 wrote to memory of 788	1992	rundll32.exe	28
PID 1992 wrote to memory of 788	1992	rundll32.exe	28
PID 1992 wrote to memory of 788	1992	rundll32.exe	28
PID 1992 wrote to memory of 788	1992	rundll32.exe	28
PID 1992 wrote to memory of 788	1992	rundll32.exe	28
PID 788 wrote to memory of 1620	788	rundll32.exe	29
PID 788 wrote to memory of 1620	788	rundll32.exe	29
PID 788 wrote to memory of 1620	788	rundll32.exe	29
PID 788 wrote to memory of 1620	788	rundll32.exe	29

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\60f59a479158f2ca7215571d5302130dde59bf15fb7e932db03da48747c1b6b9.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1992
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\60f59a479158f2ca7215571d5302130dde59bf15fb7e932db03da48747c1b6b9.dll,#1
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:788
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 788 -s 228
    3⤵
    - Program crash
    PID:1620

memory/788-55-0x0000000074F01000-0x0000000074F03000-memory.dmp

Filesize
8KB

Download
memory/788-57-0x0000000010000000-0x000000001000F000-memory.dmp

Filesize
60KB

Download