d98720f9b105f762f19e294ea86d312ff1be1e84f838539e0c563016d41ba7f0

General

Target

d98720f9b105f762f19e294ea86d312ff1be1e84f838539e0c563016d41ba7f0.dll
Size

1.9MB
MD5

1d2027b76fcd47f97fe9ea53301ceede
SHA1

4fd8dd51573d0a66cc9234376eda5b0e1996c998
SHA256

d98720f9b105f762f19e294ea86d312ff1be1e84f838539e0c563016d41ba7f0
SHA512

bb8cde5b89fac9fd1ae72d60031073e1a2af9af1454780fbd8875bcfee3b5c460e7b3e501fb601a4c012be6975e661a1e933d80a36210805b5e97baa4197abdb
SSDEEP

24576:Sm7BRWGdEyTz0ybRG/IpRwHsUPaZ64ZiOB0j+bLeLMf:SmtRJtjpRwMb64d0j+R

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 25 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1724-1-0x0000000000590000-0x00000000005CE000-memory.dmp	upx
behavioral1/memory/1724-0-0x0000000000590000-0x00000000005CE000-memory.dmp	upx
behavioral1/memory/1724-2-0x0000000000590000-0x00000000005CE000-memory.dmp	upx
behavioral1/memory/1724-3-0x0000000000590000-0x00000000005CE000-memory.dmp	upx
behavioral1/memory/1724-5-0x0000000000590000-0x00000000005CE000-memory.dmp	upx
behavioral1/memory/1724-7-0x0000000000590000-0x00000000005CE000-memory.dmp	upx
behavioral1/memory/1724-9-0x0000000000590000-0x00000000005CE000-memory.dmp	upx
behavioral1/memory/1724-11-0x0000000000590000-0x00000000005CE000-memory.dmp	upx
behavioral1/memory/1724-13-0x0000000000590000-0x00000000005CE000-memory.dmp	upx
behavioral1/memory/1724-15-0x0000000000590000-0x00000000005CE000-memory.dmp	upx
behavioral1/memory/1724-17-0x0000000000590000-0x00000000005CE000-memory.dmp	upx
behavioral1/memory/1724-19-0x0000000000590000-0x00000000005CE000-memory.dmp	upx
behavioral1/memory/1724-21-0x0000000000590000-0x00000000005CE000-memory.dmp	upx
behavioral1/memory/1724-23-0x0000000000590000-0x00000000005CE000-memory.dmp	upx
behavioral1/memory/1724-25-0x0000000000590000-0x00000000005CE000-memory.dmp	upx
behavioral1/memory/1724-27-0x0000000000590000-0x00000000005CE000-memory.dmp	upx
behavioral1/memory/1724-29-0x0000000000590000-0x00000000005CE000-memory.dmp	upx
behavioral1/memory/1724-31-0x0000000000590000-0x00000000005CE000-memory.dmp	upx
behavioral1/memory/1724-33-0x0000000000590000-0x00000000005CE000-memory.dmp	upx
behavioral1/memory/1724-35-0x0000000000590000-0x00000000005CE000-memory.dmp	upx
behavioral1/memory/1724-37-0x0000000000590000-0x00000000005CE000-memory.dmp	upx
behavioral1/memory/1724-39-0x0000000000590000-0x00000000005CE000-memory.dmp	upx
behavioral1/memory/1724-41-0x0000000000590000-0x00000000005CE000-memory.dmp	upx
behavioral1/memory/1724-43-0x0000000000590000-0x00000000005CE000-memory.dmp	upx
behavioral1/memory/1724-57-0x0000000000590000-0x00000000005CE000-memory.dmp	upx

Drops file in System32 directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\ÅäÖÃÏî.ini	rundll32.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2648	1724	WerFault.exe	28

Suspicious use of SetWindowsHookEx 42 IoCs

pid	Process
1724	rundll32.exe
1724	rundll32.exe
1724	rundll32.exe
1724	rundll32.exe
1724	rundll32.exe
1724	rundll32.exe
1724	rundll32.exe
1724	rundll32.exe
1724	rundll32.exe
1724	rundll32.exe
1724	rundll32.exe
1724	rundll32.exe
1724	rundll32.exe
1724	rundll32.exe
1724	rundll32.exe
1724	rundll32.exe
1724	rundll32.exe
1724	rundll32.exe
1724	rundll32.exe
1724	rundll32.exe
1724	rundll32.exe
1724	rundll32.exe
1724	rundll32.exe
1724	rundll32.exe
1724	rundll32.exe
1724	rundll32.exe
1724	rundll32.exe
1724	rundll32.exe
1724	rundll32.exe
1724	rundll32.exe
1724	rundll32.exe
1724	rundll32.exe
1724	rundll32.exe
1724	rundll32.exe
1724	rundll32.exe
1724	rundll32.exe
1724	rundll32.exe
1724	rundll32.exe
1724	rundll32.exe
1724	rundll32.exe
1724	rundll32.exe
1724	rundll32.exe

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 2144 wrote to memory of 1724	2144	rundll32.exe	28
PID 2144 wrote to memory of 1724	2144	rundll32.exe	28
PID 2144 wrote to memory of 1724	2144	rundll32.exe	28
PID 2144 wrote to memory of 1724	2144	rundll32.exe	28
PID 2144 wrote to memory of 1724	2144	rundll32.exe	28
PID 2144 wrote to memory of 1724	2144	rundll32.exe	28
PID 2144 wrote to memory of 1724	2144	rundll32.exe	28
PID 1724 wrote to memory of 2648	1724	rundll32.exe	29
PID 1724 wrote to memory of 2648	1724	rundll32.exe	29
PID 1724 wrote to memory of 2648	1724	rundll32.exe	29
PID 1724 wrote to memory of 2648	1724	rundll32.exe	29

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\d98720f9b105f762f19e294ea86d312ff1be1e84f838539e0c563016d41ba7f0.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2144
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\d98720f9b105f762f19e294ea86d312ff1be1e84f838539e0c563016d41ba7f0.dll,#1
  2⤵
  - Drops file in System32 directory
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1724
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1724 -s 384
    3⤵
    - Program crash
    PID:2648

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\SysWOW64\ÅäÖÃÏî.ini

Filesize
169B

MD5
378ae2a65a7e9f680ac2b08caf5c676b

SHA1
79fb9baed7680dcfbfe10b3749c8aea6f81881fc

SHA256
a17ebf92b2bd1a1d359af01e5d4e91eb3c44b0b9ddbbc844a2e809fc10a67590

SHA512
1f4b7ed88e0ae3e932eccd5c07da826f6f3a4c2ac0ad1e6219e5aa62911aa34ac19c1517dbccd09c3a19d75fda45defbe874c7e5f5cbcc18a19de1a6283b7471

Download Submit
memory/1724-21-0x0000000000590000-0x00000000005CE000-memory.dmp

Filesize
248KB

Download
memory/1724-7-0x0000000000590000-0x00000000005CE000-memory.dmp

Filesize
248KB

Download
memory/1724-23-0x0000000000590000-0x00000000005CE000-memory.dmp

Filesize
248KB

Download
memory/1724-5-0x0000000000590000-0x00000000005CE000-memory.dmp

Filesize
248KB

Download
memory/1724-25-0x0000000000590000-0x00000000005CE000-memory.dmp

Filesize
248KB

Download
memory/1724-9-0x0000000000590000-0x00000000005CE000-memory.dmp

Filesize
248KB

Download
memory/1724-11-0x0000000000590000-0x00000000005CE000-memory.dmp

Filesize
248KB

Download
memory/1724-27-0x0000000000590000-0x00000000005CE000-memory.dmp

Filesize
248KB

Download
memory/1724-15-0x0000000000590000-0x00000000005CE000-memory.dmp

Filesize
248KB

Download
memory/1724-17-0x0000000000590000-0x00000000005CE000-memory.dmp

Filesize
248KB

Download
memory/1724-19-0x0000000000590000-0x00000000005CE000-memory.dmp

Filesize
248KB

Download
memory/1724-1-0x0000000000590000-0x00000000005CE000-memory.dmp

Filesize
248KB

Download
memory/1724-3-0x0000000000590000-0x00000000005CE000-memory.dmp

Filesize
248KB

Download
memory/1724-2-0x0000000000590000-0x00000000005CE000-memory.dmp

Filesize
248KB

Download
memory/1724-13-0x0000000000590000-0x00000000005CE000-memory.dmp

Filesize
248KB

Download
memory/1724-29-0x0000000000590000-0x00000000005CE000-memory.dmp

Filesize
248KB

Download
memory/1724-31-0x0000000000590000-0x00000000005CE000-memory.dmp

Filesize
248KB

Download
memory/1724-33-0x0000000000590000-0x00000000005CE000-memory.dmp

Filesize
248KB

Download
memory/1724-35-0x0000000000590000-0x00000000005CE000-memory.dmp

Filesize
248KB

Download
memory/1724-37-0x0000000000590000-0x00000000005CE000-memory.dmp

Filesize
248KB

Download
memory/1724-39-0x0000000000590000-0x00000000005CE000-memory.dmp

Filesize
248KB

Download
memory/1724-41-0x0000000000590000-0x00000000005CE000-memory.dmp

Filesize
248KB

Download
memory/1724-43-0x0000000000590000-0x00000000005CE000-memory.dmp

Filesize
248KB

Download
memory/1724-0-0x0000000000590000-0x00000000005CE000-memory.dmp

Filesize
248KB

Download
memory/1724-57-0x0000000000590000-0x00000000005CE000-memory.dmp

Filesize
248KB

Download

Analysis

Sharing