1f84492e82a50ba9726ea15d604b20d302ba5cc554a1dfbf5425aff86b5f6cf2

Analysis

max time kernel
135s
max time network
145s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
13-06-2023 02:55

Target

1f84492e82a50ba9726ea15d604b20d302ba5cc554a1dfbf5425aff86b5f6cf2.dll
Size

1.0MB
MD5

32cfc98ef7e6d793db75d34964d615a2
SHA1

0269a0be8c141cfc2eb0b0aa0d0838528243f254
SHA256

1f84492e82a50ba9726ea15d604b20d302ba5cc554a1dfbf5425aff86b5f6cf2
SHA512

bf0e33ab3dd88be19f6ac966cdf9a292032fe84d3bd5e47576241a42eebe995e4f30a98e6ed2459435e5cd4242c87b74dcbf6c5f4049c6c5a2b8042bd709d56b
SSDEEP

24576:LEu/6TaIRJ2x0tO4xzDMA1jWjBa51Lgp6sXFPdTH7pX7S:LEWgaIRJ2x0tZxHX1751kXLTH7prS

Score

7^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

Processes:

resource	yara_rule
behavioral2/memory/1836-148-0x0000000003B50000-0x0000000003B86000-memory.dmp	upx

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

1944 1836 WerFault.exe rundll32.exe
Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

rundll32.exe

pid process

1836 rundll32.exe

pid	pid_target	process	target process
1944	1836	WerFault.exe	rundll32.exe

pid	process
1836	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1724 wrote to memory of 1836	1724	rundll32.exe	rundll32.exe
PID 1724 wrote to memory of 1836	1724	rundll32.exe	rundll32.exe
PID 1724 wrote to memory of 1836	1724	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1f84492e82a50ba9726ea15d604b20d302ba5cc554a1dfbf5425aff86b5f6cf2.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1724
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\1f84492e82a50ba9726ea15d604b20d302ba5cc554a1dfbf5425aff86b5f6cf2.dll,#1
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:1836
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1836 -s 844
    3⤵
    - Program crash
    PID:1944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 1836 -ip 1836
1⤵
PID:4344

memory/1836-133-0x0000000010000000-0x0000000010247000-memory.dmp

Filesize
2.3MB

Download
memory/1836-135-0x0000000002E20000-0x0000000002E21000-memory.dmp

Filesize
4KB

Download
memory/1836-134-0x0000000002C30000-0x0000000002C7B000-memory.dmp

Filesize
300KB

Download
memory/1836-136-0x0000000002E50000-0x0000000002E51000-memory.dmp

Filesize
4KB

Download
memory/1836-139-0x0000000002DE0000-0x0000000002DE1000-memory.dmp

Filesize
4KB

Download
memory/1836-141-0x0000000002E60000-0x0000000002E61000-memory.dmp

Filesize
4KB

Download
memory/1836-142-0x0000000002E00000-0x0000000002E01000-memory.dmp

Filesize
4KB

Download
memory/1836-144-0x0000000002DF0000-0x0000000002DF1000-memory.dmp

Filesize
4KB

Download
memory/1836-145-0x0000000001100000-0x0000000001101000-memory.dmp

Filesize
4KB

Download
memory/1836-143-0x0000000002E30000-0x0000000002E31000-memory.dmp

Filesize
4KB

Download
memory/1836-146-0x0000000001250000-0x0000000001251000-memory.dmp

Filesize
4KB

Download
memory/1836-147-0x0000000003370000-0x0000000003374000-memory.dmp

Filesize
16KB

Download
memory/1836-148-0x0000000003B50000-0x0000000003B86000-memory.dmp

Filesize
216KB

Download
memory/1836-149-0x0000000010000000-0x0000000010247000-memory.dmp

Filesize
2.3MB

Download
memory/1836-150-0x0000000002C30000-0x0000000002C7B000-memory.dmp

Filesize
300KB

Download