e450382d7fdded88ef8b1154eb9385fb3c16f23d6129ffa432f0926e39ce2b1c

Analysis

max time kernel
4s
max time network
45s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
05/12/2022, 19:31 UTC

Target

e450382d7fdded88ef8b1154eb9385fb3c16f23d6129ffa432f0926e39ce2b1c.dll
Size

16KB
MD5

b0bf2ef7bb27733879827d7ce3241bf0
SHA1

841376fad92c4000a7a4f4f459cb569ca94dd145
SHA256

e450382d7fdded88ef8b1154eb9385fb3c16f23d6129ffa432f0926e39ce2b1c
SHA512

e22f8332f6a4fff3fe8189f3a115cbb4ac4ac98562ebe990fa919566d4dd4017867345f1b96aa64cf4375548e0af0235fbd370954d0d6c308f13571d0a89bab9
SSDEEP

384:S9a7L+KQ6B1WiXZopmPgzXmRYElh1LB9RTlnXLRbzlsc:SYW6rGpUIJmLNlXFbH

Score

8^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/1712-56-0x0000000010000000-0x000000001000F000-memory.dmp	upx

Program crash 1 IoCs

pid	pid_target	Process	procid_target
520	1712	WerFault.exe	28

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 1372 wrote to memory of 1712	1372	rundll32.exe	28
PID 1372 wrote to memory of 1712	1372	rundll32.exe	28
PID 1372 wrote to memory of 1712	1372	rundll32.exe	28
PID 1372 wrote to memory of 1712	1372	rundll32.exe	28
PID 1372 wrote to memory of 1712	1372	rundll32.exe	28
PID 1372 wrote to memory of 1712	1372	rundll32.exe	28
PID 1372 wrote to memory of 1712	1372	rundll32.exe	28
PID 1712 wrote to memory of 520	1712	rundll32.exe	29
PID 1712 wrote to memory of 520	1712	rundll32.exe	29
PID 1712 wrote to memory of 520	1712	rundll32.exe	29
PID 1712 wrote to memory of 520	1712	rundll32.exe	29

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\e450382d7fdded88ef8b1154eb9385fb3c16f23d6129ffa432f0926e39ce2b1c.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1372
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\e450382d7fdded88ef8b1154eb9385fb3c16f23d6129ffa432f0926e39ce2b1c.dll,#1
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1712
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1712 -s 228
    3⤵
    - Program crash
    PID:520

memory/1712-55-0x0000000076261000-0x0000000076263000-memory.dmp

Filesize
8KB

Download
memory/1712-56-0x0000000010000000-0x000000001000F000-memory.dmp

Filesize
60KB

Download