06a680b4525e2c49df35a7f505444630f585f10418b633cebe371fb4f51d0548

Analysis

max time kernel
140s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
12/10/2023, 11:58

Target

SecuriteInfo.com.W32.Agent.CE13.tr.6247.15756.dll
Size

330KB
MD5

7667d5374aad506a985901f3cdc702d9
SHA1

c705d7fabd37dfaa5c878d5bcb86ececbce0ab8e
SHA256

06a680b4525e2c49df35a7f505444630f585f10418b633cebe371fb4f51d0548
SHA512

dc34e2517a7d55279c8ca683f20ffa03b02a1d8be807464fea1cbea69d092d59758bf00b5710a2259a2669b4edf3d00ba03e139e57de6395caa2ad65feacddfb
SSDEEP

6144:+RR5rhZFQGrsUwF7vlPoSw1pSA8XaMYdBi+02/LLI4iHh:+R5nWFpPoSwiXia20

Score

7^/10

upx

UPX packed file 5 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/2076-0-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/2076-1-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/2076-2-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/2076-3-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/2076-4-0x0000000010000000-0x000000001003E000-memory.dmp	upx

Program crash 1 IoCs

pid	pid_target	Process	procid_target
3644	2076	WerFault.exe	81

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2076	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1664 wrote to memory of 2076	1664	rundll32.exe	81
PID 1664 wrote to memory of 2076	1664	rundll32.exe	81
PID 1664 wrote to memory of 2076	1664	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.W32.Agent.CE13.tr.6247.15756.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1664
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.W32.Agent.CE13.tr.6247.15756.dll,#1
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:2076
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2076 -s 644
    3⤵
    - Program crash
    PID:3644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 432 -p 2076 -ip 2076
1⤵
PID:564

memory/2076-0-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2076-1-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2076-2-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2076-3-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2076-4-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download