5dceb07b359fb2d8340059be821351742597ce64cbf538d966a88058dd361d94

Analysis

max time kernel
189s
max time network
191s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
03/12/2022, 17:53

Target

5dceb07b359fb2d8340059be821351742597ce64cbf538d966a88058dd361d94.dll
Size

16KB
MD5

22ae803ced7ddca78e88b49ee0e1df80
SHA1

96d7b128baf52c22ffd3156a5aea767e7cbdb8ee
SHA256

5dceb07b359fb2d8340059be821351742597ce64cbf538d966a88058dd361d94
SHA512

dfa11f4d0b506f6c75eba8c09ffba77e9b531c7b4f29220adce8b6f9f738d85f5c38d956d95577df6d62da59836df09386454d6a8e3a786fab554ac33f916292
SSDEEP

384:S9a7L+KQ6B1WiXZopmPgzXmRYElh1LB9RTlnXLRbzlI:SYW6rGpUIJmLNlXFby

Score

8^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/712-133-0x0000000010000000-0x000000001000F000-memory.dmp	upx

Program crash 1 IoCs

pid	pid_target	Process	procid_target
764	712	WerFault.exe	82

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3824 wrote to memory of 712	3824	rundll32.exe	82
PID 3824 wrote to memory of 712	3824	rundll32.exe	82
PID 3824 wrote to memory of 712	3824	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\5dceb07b359fb2d8340059be821351742597ce64cbf538d966a88058dd361d94.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3824
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\5dceb07b359fb2d8340059be821351742597ce64cbf538d966a88058dd361d94.dll,#1
  2⤵
  PID:712
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 712 -s 600
    3⤵
    - Program crash
    PID:764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 392 -p 712 -ip 712
1⤵
PID:1632

memory/712-133-0x0000000010000000-0x000000001000F000-memory.dmp

Filesize
60KB

Download