ac7804eed165f207297c23ca978c2f21dac27abb3a1b57fc808e367a889d1cc1

General

Target

ac7804eed165f207297c23ca978c2f21dac27abb3a1b57fc808e367a889d1cc1.dll
Size

1.5MB
MD5

59a58f5bcf5a14f6923e7e52c4ae954a
SHA1

cfa1c1636254680d18f0bda20e3043badae1339e
SHA256

ac7804eed165f207297c23ca978c2f21dac27abb3a1b57fc808e367a889d1cc1
SHA512

8fa9a8cc055c10cc84a719182e690bb8231cc965837601f131349b10dcc16efd330129f44eee9fe632454244f78e5d76193b52fad37fa9c27f95f7cdd7d44a09
SSDEEP

24576:KwALEfb99TUmpqWpNlmxgNpzR5MEDGb8zukgMDQwMHtisk:X9KWpFNp7MuG7gvsk

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 25 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/3340-0-0x0000000002F20000-0x0000000002F5E000-memory.dmp	upx
behavioral2/memory/3340-1-0x0000000002F20000-0x0000000002F5E000-memory.dmp	upx
behavioral2/memory/3340-2-0x0000000002F20000-0x0000000002F5E000-memory.dmp	upx
behavioral2/memory/3340-3-0x0000000002F20000-0x0000000002F5E000-memory.dmp	upx
behavioral2/memory/3340-5-0x0000000002F20000-0x0000000002F5E000-memory.dmp	upx
behavioral2/memory/3340-7-0x0000000002F20000-0x0000000002F5E000-memory.dmp	upx
behavioral2/memory/3340-9-0x0000000002F20000-0x0000000002F5E000-memory.dmp	upx
behavioral2/memory/3340-11-0x0000000002F20000-0x0000000002F5E000-memory.dmp	upx
behavioral2/memory/3340-13-0x0000000002F20000-0x0000000002F5E000-memory.dmp	upx
behavioral2/memory/3340-15-0x0000000002F20000-0x0000000002F5E000-memory.dmp	upx
behavioral2/memory/3340-17-0x0000000002F20000-0x0000000002F5E000-memory.dmp	upx
behavioral2/memory/3340-19-0x0000000002F20000-0x0000000002F5E000-memory.dmp	upx
behavioral2/memory/3340-21-0x0000000002F20000-0x0000000002F5E000-memory.dmp	upx
behavioral2/memory/3340-23-0x0000000002F20000-0x0000000002F5E000-memory.dmp	upx
behavioral2/memory/3340-25-0x0000000002F20000-0x0000000002F5E000-memory.dmp	upx
behavioral2/memory/3340-27-0x0000000002F20000-0x0000000002F5E000-memory.dmp	upx
behavioral2/memory/3340-29-0x0000000002F20000-0x0000000002F5E000-memory.dmp	upx
behavioral2/memory/3340-31-0x0000000002F20000-0x0000000002F5E000-memory.dmp	upx
behavioral2/memory/3340-33-0x0000000002F20000-0x0000000002F5E000-memory.dmp	upx
behavioral2/memory/3340-35-0x0000000002F20000-0x0000000002F5E000-memory.dmp	upx
behavioral2/memory/3340-37-0x0000000002F20000-0x0000000002F5E000-memory.dmp	upx
behavioral2/memory/3340-39-0x0000000002F20000-0x0000000002F5E000-memory.dmp	upx
behavioral2/memory/3340-41-0x0000000002F20000-0x0000000002F5E000-memory.dmp	upx
behavioral2/memory/3340-43-0x0000000002F20000-0x0000000002F5E000-memory.dmp	upx
behavioral2/memory/3340-44-0x0000000002F20000-0x0000000002F5E000-memory.dmp	upx

Program crash 1 IoCs

pid	pid_target	Process	procid_target
4336	3340	WerFault.exe	81

Suspicious use of SetWindowsHookEx 16 IoCs

pid	Process
3340	rundll32.exe
3340	rundll32.exe
3340	rundll32.exe
3340	rundll32.exe
3340	rundll32.exe
3340	rundll32.exe
3340	rundll32.exe
3340	rundll32.exe
3340	rundll32.exe
3340	rundll32.exe
3340	rundll32.exe
3340	rundll32.exe
3340	rundll32.exe
3340	rundll32.exe
3340	rundll32.exe
3340	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1300 wrote to memory of 3340	1300	rundll32.exe	81
PID 1300 wrote to memory of 3340	1300	rundll32.exe	81
PID 1300 wrote to memory of 3340	1300	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac7804eed165f207297c23ca978c2f21dac27abb3a1b57fc808e367a889d1cc1.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1300
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac7804eed165f207297c23ca978c2f21dac27abb3a1b57fc808e367a889d1cc1.dll,#1
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:3340
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3340 -s 860
    3⤵
    - Program crash
    PID:4336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 432 -p 3340 -ip 3340
1⤵
PID:3872

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3340-0-0x0000000002F20000-0x0000000002F5E000-memory.dmp

Filesize
248KB

Download
memory/3340-1-0x0000000002F20000-0x0000000002F5E000-memory.dmp

Filesize
248KB

Download
memory/3340-2-0x0000000002F20000-0x0000000002F5E000-memory.dmp

Filesize
248KB

Download
memory/3340-3-0x0000000002F20000-0x0000000002F5E000-memory.dmp

Filesize
248KB

Download
memory/3340-5-0x0000000002F20000-0x0000000002F5E000-memory.dmp

Filesize
248KB

Download
memory/3340-7-0x0000000002F20000-0x0000000002F5E000-memory.dmp

Filesize
248KB

Download
memory/3340-9-0x0000000002F20000-0x0000000002F5E000-memory.dmp

Filesize
248KB

Download
memory/3340-11-0x0000000002F20000-0x0000000002F5E000-memory.dmp

Filesize
248KB

Download
memory/3340-13-0x0000000002F20000-0x0000000002F5E000-memory.dmp

Filesize
248KB

Download
memory/3340-15-0x0000000002F20000-0x0000000002F5E000-memory.dmp

Filesize
248KB

Download
memory/3340-17-0x0000000002F20000-0x0000000002F5E000-memory.dmp

Filesize
248KB

Download
memory/3340-19-0x0000000002F20000-0x0000000002F5E000-memory.dmp

Filesize
248KB

Download
memory/3340-21-0x0000000002F20000-0x0000000002F5E000-memory.dmp

Filesize
248KB

Download
memory/3340-23-0x0000000002F20000-0x0000000002F5E000-memory.dmp

Filesize
248KB

Download
memory/3340-25-0x0000000002F20000-0x0000000002F5E000-memory.dmp

Filesize
248KB

Download
memory/3340-27-0x0000000002F20000-0x0000000002F5E000-memory.dmp

Filesize
248KB

Download
memory/3340-29-0x0000000002F20000-0x0000000002F5E000-memory.dmp

Filesize
248KB

Download
memory/3340-31-0x0000000002F20000-0x0000000002F5E000-memory.dmp

Filesize
248KB

Download
memory/3340-33-0x0000000002F20000-0x0000000002F5E000-memory.dmp

Filesize
248KB

Download
memory/3340-35-0x0000000002F20000-0x0000000002F5E000-memory.dmp

Filesize
248KB

Download
memory/3340-37-0x0000000002F20000-0x0000000002F5E000-memory.dmp

Filesize
248KB

Download
memory/3340-39-0x0000000002F20000-0x0000000002F5E000-memory.dmp

Filesize
248KB

Download
memory/3340-41-0x0000000002F20000-0x0000000002F5E000-memory.dmp

Filesize
248KB

Download
memory/3340-43-0x0000000002F20000-0x0000000002F5E000-memory.dmp

Filesize
248KB

Download
memory/3340-44-0x0000000002F20000-0x0000000002F5E000-memory.dmp

Filesize
248KB

Download

Analysis

Sharing