d0b7da72a9e9c49a2087444788cab41b8302ec70f84c5a7d38a0582577cef2d9

Analysis

max time kernel
180s
max time network
187s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
05/12/2022, 18:47

Target

d0b7da72a9e9c49a2087444788cab41b8302ec70f84c5a7d38a0582577cef2d9.dll
Size

97KB
MD5

24b27785c476a59825cbd02f9ac2b67b
SHA1

d018394efbe0f15bb91579bf62d599a1dde74926
SHA256

d0b7da72a9e9c49a2087444788cab41b8302ec70f84c5a7d38a0582577cef2d9
SHA512

16ae0b410b78bd33fff9d6c4b0133e94b209f33d2c274b818a626511856efddf4d1a3599815cf11d23c28eccfe70e2a0e6fdc652b0a1c390fe862106f7abfb5f
SSDEEP

1536:Q3LZX5VqGQ3iHVsWPBe/3Q77G1V8hOhjowzwg+6qCsEyr/BUanLUk5+QIsFVk7hG:6MGKi17cSG1kEpn+WjSfLUXFkVk99Lg1

Score

8^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/4880-133-0x0000000010000000-0x000000001002C000-memory.dmp	upx

Program crash 1 IoCs

pid	pid_target	Process	procid_target
4820	4880	WerFault.exe	80

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4968 wrote to memory of 4880	4968	rundll32.exe	80
PID 4968 wrote to memory of 4880	4968	rundll32.exe	80
PID 4968 wrote to memory of 4880	4968	rundll32.exe	80

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\d0b7da72a9e9c49a2087444788cab41b8302ec70f84c5a7d38a0582577cef2d9.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4968
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\d0b7da72a9e9c49a2087444788cab41b8302ec70f84c5a7d38a0582577cef2d9.dll,#1
  2⤵
  PID:4880
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4880 -s 544
    3⤵
    - Program crash
    PID:4820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 360 -p 4880 -ip 4880
1⤵
PID:4924

memory/4880-133-0x0000000010000000-0x000000001002C000-memory.dmp

Filesize
176KB

Download