7641a0cd8c9ca6c2b07b8baf8cdd6f3d0781feca91f5d099f30b434f875769f3

Analysis

max time kernel
143s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
26/08/2023, 12:03

Target

7641a0cd8c9ca6c2b07b8baf8cdd6f3d0781feca91f5d099f30b434f875769f3.dll
Size

346KB
MD5

0e53ed31e95b1674746b18590fc38c25
SHA1

213e0dd63bdb61d4b972c8159dd0f0bb382b8503
SHA256

7641a0cd8c9ca6c2b07b8baf8cdd6f3d0781feca91f5d099f30b434f875769f3
SHA512

37cb3078be622106edee5d2b59a2407bc116087bd3fd6c21422ac602256d74b92332d0f6f54a8a0f2e16f11efa17ba6a16a74b0b9a73f8d05830aa75b7fbfdbd
SSDEEP

6144:dbgs70rW4hdQHzUYpA7gVwbbeQNXa0CxDrVUDaI2AV/GMHnQ2pdpvox:6c23ToA8QNqdfU9lGMHQ2Ox

Score

7^/10

upx

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/3760-0-0x0000000010000000-0x000000001010F000-memory.dmp	upx
behavioral2/memory/3760-1-0x0000000010000000-0x000000001010F000-memory.dmp	upx

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1656	3760	WerFault.exe	81

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3760	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 5048 wrote to memory of 3760	5048	rundll32.exe	81
PID 5048 wrote to memory of 3760	5048	rundll32.exe	81
PID 5048 wrote to memory of 3760	5048	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\7641a0cd8c9ca6c2b07b8baf8cdd6f3d0781feca91f5d099f30b434f875769f3.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:5048
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\7641a0cd8c9ca6c2b07b8baf8cdd6f3d0781feca91f5d099f30b434f875769f3.dll,#1
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:3760
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3760 -s 700
    3⤵
    - Program crash
    PID:1656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 468 -p 3760 -ip 3760
1⤵
PID:4804

memory/3760-0-0x0000000010000000-0x000000001010F000-memory.dmp

Filesize
1.1MB

Download
memory/3760-1-0x0000000010000000-0x000000001010F000-memory.dmp

Filesize
1.1MB

Download