2eef4b05700162c4b8b9f00d8ef7b0d11e1e273219d30130561293bb429f1850

Analysis

max time kernel
204s
max time network
208s
platform
windows10-2004_x64
resource
win10v2004-20231023-en
resource tags

arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
submitted
15/11/2023, 17:00

Target

NEAS.2eef4b05700162c4b8b9f00d8ef7b0d11e1e273219d30130561293bb429f1850.dll
Size

430KB
MD5

87150244daf600db0922142d0016af5a
SHA1

807a588329837dfd1807dbcfd5c9e1e2b9ffbd3f
SHA256

2eef4b05700162c4b8b9f00d8ef7b0d11e1e273219d30130561293bb429f1850
SHA512

c6662ca7d3ef22c09785dc75766ca16ec0814338b9ab4a38d1cd4d94ea687a374b73395a41aadee33836faa20f9dafe74f785b559cbcae22e3b4acb07c3f4062
SSDEEP

3072:0HDp7pRuKjsir5HZFQGrsUwF7hplPoutjg0QG0+GCPvaDW8:+RR5rhZFQGrsUwF7vlPoSmE6D

Score

7^/10

upx

UPX packed file 5 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/4604-0-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/4604-1-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/4604-2-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/4604-3-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/4604-4-0x0000000010000000-0x000000001003E000-memory.dmp	upx

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1680	4604	WerFault.exe	86

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4604	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3344 wrote to memory of 4604	3344	rundll32.exe	86
PID 3344 wrote to memory of 4604	3344	rundll32.exe	86
PID 3344 wrote to memory of 4604	3344	rundll32.exe	86

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\NEAS.2eef4b05700162c4b8b9f00d8ef7b0d11e1e273219d30130561293bb429f1850.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3344
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\NEAS.2eef4b05700162c4b8b9f00d8ef7b0d11e1e273219d30130561293bb429f1850.dll,#1
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:4604
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4604 -s 644
    3⤵
    - Program crash
    PID:1680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 360 -p 4604 -ip 4604
1⤵
PID:784

memory/4604-0-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/4604-1-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/4604-2-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/4604-3-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/4604-4-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download