d6618a28693992a8a18f8f29a2ba8f384239c4ddda4d88d3af6efe2f7d7f9d2b

Analysis

max time kernel
72s
max time network
135s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
04/12/2022, 00:47

Target

d6618a28693992a8a18f8f29a2ba8f384239c4ddda4d88d3af6efe2f7d7f9d2b.dll
Size

99KB
MD5

9a16633899ee3dbb496db34e489917eb
SHA1

83c2bcd3faf9a2a427a8764e53db792f33e99f31
SHA256

d6618a28693992a8a18f8f29a2ba8f384239c4ddda4d88d3af6efe2f7d7f9d2b
SHA512

c2dcf749caec2dc9651be6f5260b7967afc7472464cf6cf61029f71a10ad5db7da9f6c604b086de726dac9b3476bb23a0a0ab1bb264d5161e98266f8e5677ece
SSDEEP

1536:tmzEOnSND1R5ZtmijhIHTw9YWkUu+Dntcw4kuv1MP35ZPtTnhgISGUWyExrPW6uD:c7n4xZeTw9CR8vKv1MPHRQGUEoH7

Score

8^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/1532-133-0x0000000010000000-0x000000001002C000-memory.dmp	upx

Program crash 1 IoCs

pid	pid_target	Process	procid_target
3388	1532	WerFault.exe	79

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4572 wrote to memory of 1532	4572	rundll32.exe	79
PID 4572 wrote to memory of 1532	4572	rundll32.exe	79
PID 4572 wrote to memory of 1532	4572	rundll32.exe	79

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\d6618a28693992a8a18f8f29a2ba8f384239c4ddda4d88d3af6efe2f7d7f9d2b.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4572
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\d6618a28693992a8a18f8f29a2ba8f384239c4ddda4d88d3af6efe2f7d7f9d2b.dll,#1
  2⤵
  PID:1532
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1532 -s 544
    3⤵
    - Program crash
    PID:3388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 424 -p 1532 -ip 1532
1⤵
PID:752

memory/1532-133-0x0000000010000000-0x000000001002C000-memory.dmp

Filesize
176KB

Download