f48fe70230def7f5e277468860e8ee34031dfe0b79be7c6c6fbc88732582a3c3

Analysis

max time kernel
150s
max time network
179s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
06/12/2022, 13:58

Target

f48fe70230def7f5e277468860e8ee34031dfe0b79be7c6c6fbc88732582a3c3.dll
Size

640KB
MD5

b755b8867ba092d8242c993a79839d3a
SHA1

2d77fefa5f599da7fe5c0ed69b762a75d5d8ed7d
SHA256

f48fe70230def7f5e277468860e8ee34031dfe0b79be7c6c6fbc88732582a3c3
SHA512

545bc1db840600ac902b58e9eee00828e6c81ce37abb7f22c54489f42db9468fe0c61887ae046ac61c1bab027ca0eb0e629e903353a0ed4c971849516c6e2e08
SSDEEP

12288:0aUK5J88T6F74oXh+G613/4JqmwhMI+TyHoS:0hc88T6ZXh+5vPryI+

Score

8^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/1380-133-0x0000000010000000-0x00000000100A2000-memory.dmp	upx

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1668	1380	WerFault.exe	84

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1612 wrote to memory of 1380	1612	rundll32.exe	84
PID 1612 wrote to memory of 1380	1612	rundll32.exe	84
PID 1612 wrote to memory of 1380	1612	rundll32.exe	84

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\f48fe70230def7f5e277468860e8ee34031dfe0b79be7c6c6fbc88732582a3c3.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1612
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\f48fe70230def7f5e277468860e8ee34031dfe0b79be7c6c6fbc88732582a3c3.dll,#1
  2⤵
  PID:1380
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1380 -s 560
    3⤵
    - Program crash
    PID:1668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 1380 -ip 1380
1⤵
PID:4124

memory/1380-133-0x0000000010000000-0x00000000100A2000-memory.dmp

Filesize
648KB

Download