b213e28624b932210ca2a0f454edb0bd91db36832dfce3864b69982b88aa4fe1

Analysis

max time kernel
76s
max time network
163s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
05/12/2022, 19:32

Target

b213e28624b932210ca2a0f454edb0bd91db36832dfce3864b69982b88aa4fe1.dll
Size

16KB
MD5

d1838edb1139cdeec58e20ba8be83ff0
SHA1

bd05770666205ee9a112b5eee5e98cad32d13cd2
SHA256

b213e28624b932210ca2a0f454edb0bd91db36832dfce3864b69982b88aa4fe1
SHA512

84775715331ad346a9fbb10d426d1ff4fd7bc73752f851d6076fe3eeb5029287edb55fe4c2df486690d3561ebe57d379360001f1a03817facf1b852e9d9449f7
SSDEEP

384:S9a7L+KQ6B1WiXZopmPgzXmRYElh1LB9RTlnXLRbzl7S:SYW6rGpUIJmLNlXFb5S

Score

8^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/3728-133-0x0000000010000000-0x000000001000F000-memory.dmp	upx

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2356	3728	WerFault.exe	80

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2148 wrote to memory of 3728	2148	rundll32.exe	80
PID 2148 wrote to memory of 3728	2148	rundll32.exe	80
PID 2148 wrote to memory of 3728	2148	rundll32.exe	80

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\b213e28624b932210ca2a0f454edb0bd91db36832dfce3864b69982b88aa4fe1.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2148
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\b213e28624b932210ca2a0f454edb0bd91db36832dfce3864b69982b88aa4fe1.dll,#1
  2⤵
  PID:3728
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3728 -s 600
    3⤵
    - Program crash
    PID:2356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 3728 -ip 3728
1⤵
PID:2940

memory/3728-133-0x0000000010000000-0x000000001000F000-memory.dmp

Filesize
60KB

Download