d98720f9b105f762f19e294ea86d312ff1be1e84f838539e0c563016d41ba7f0

General

Target

d98720f9b105f762f19e294ea86d312ff1be1e84f838539e0c563016d41ba7f0.dll
Size

1.9MB
MD5

1d2027b76fcd47f97fe9ea53301ceede
SHA1

4fd8dd51573d0a66cc9234376eda5b0e1996c998
SHA256

d98720f9b105f762f19e294ea86d312ff1be1e84f838539e0c563016d41ba7f0
SHA512

bb8cde5b89fac9fd1ae72d60031073e1a2af9af1454780fbd8875bcfee3b5c460e7b3e501fb601a4c012be6975e661a1e933d80a36210805b5e97baa4197abdb
SSDEEP

24576:Sm7BRWGdEyTz0ybRG/IpRwHsUPaZ64ZiOB0j+bLeLMf:SmtRJtjpRwMb64d0j+R

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 25 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/552-0-0x0000000002740000-0x000000000277E000-memory.dmp	upx
behavioral2/memory/552-2-0x0000000002740000-0x000000000277E000-memory.dmp	upx
behavioral2/memory/552-1-0x0000000002740000-0x000000000277E000-memory.dmp	upx
behavioral2/memory/552-3-0x0000000002740000-0x000000000277E000-memory.dmp	upx
behavioral2/memory/552-6-0x0000000002740000-0x000000000277E000-memory.dmp	upx
behavioral2/memory/552-10-0x0000000002740000-0x000000000277E000-memory.dmp	upx
behavioral2/memory/552-8-0x0000000002740000-0x000000000277E000-memory.dmp	upx
behavioral2/memory/552-12-0x0000000002740000-0x000000000277E000-memory.dmp	upx
behavioral2/memory/552-15-0x0000000002740000-0x000000000277E000-memory.dmp	upx
behavioral2/memory/552-18-0x0000000002740000-0x000000000277E000-memory.dmp	upx
behavioral2/memory/552-20-0x0000000002740000-0x000000000277E000-memory.dmp	upx
behavioral2/memory/552-23-0x0000000002740000-0x000000000277E000-memory.dmp	upx
behavioral2/memory/552-25-0x0000000002740000-0x000000000277E000-memory.dmp	upx
behavioral2/memory/552-27-0x0000000002740000-0x000000000277E000-memory.dmp	upx
behavioral2/memory/552-30-0x0000000002740000-0x000000000277E000-memory.dmp	upx
behavioral2/memory/552-32-0x0000000002740000-0x000000000277E000-memory.dmp	upx
behavioral2/memory/552-34-0x0000000002740000-0x000000000277E000-memory.dmp	upx
behavioral2/memory/552-36-0x0000000002740000-0x000000000277E000-memory.dmp	upx
behavioral2/memory/552-38-0x0000000002740000-0x000000000277E000-memory.dmp	upx
behavioral2/memory/552-40-0x0000000002740000-0x000000000277E000-memory.dmp	upx
behavioral2/memory/552-42-0x0000000002740000-0x000000000277E000-memory.dmp	upx
behavioral2/memory/552-44-0x0000000002740000-0x000000000277E000-memory.dmp	upx
behavioral2/memory/552-46-0x0000000002740000-0x000000000277E000-memory.dmp	upx
behavioral2/memory/552-48-0x0000000002740000-0x000000000277E000-memory.dmp	upx
behavioral2/memory/552-49-0x0000000002740000-0x000000000277E000-memory.dmp	upx

Drops file in System32 directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\ÅäÖÃÏî.ini	rundll32.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
4128	552	WerFault.exe	83

Suspicious use of SetWindowsHookEx 42 IoCs

pid	Process
552	rundll32.exe
552	rundll32.exe
552	rundll32.exe
552	rundll32.exe
552	rundll32.exe
552	rundll32.exe
552	rundll32.exe
552	rundll32.exe
552	rundll32.exe
552	rundll32.exe
552	rundll32.exe
552	rundll32.exe
552	rundll32.exe
552	rundll32.exe
552	rundll32.exe
552	rundll32.exe
552	rundll32.exe
552	rundll32.exe
552	rundll32.exe
552	rundll32.exe
552	rundll32.exe
552	rundll32.exe
552	rundll32.exe
552	rundll32.exe
552	rundll32.exe
552	rundll32.exe
552	rundll32.exe
552	rundll32.exe
552	rundll32.exe
552	rundll32.exe
552	rundll32.exe
552	rundll32.exe
552	rundll32.exe
552	rundll32.exe
552	rundll32.exe
552	rundll32.exe
552	rundll32.exe
552	rundll32.exe
552	rundll32.exe
552	rundll32.exe
552	rundll32.exe
552	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1032 wrote to memory of 552	1032	rundll32.exe	83
PID 1032 wrote to memory of 552	1032	rundll32.exe	83
PID 1032 wrote to memory of 552	1032	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\d98720f9b105f762f19e294ea86d312ff1be1e84f838539e0c563016d41ba7f0.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1032
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\d98720f9b105f762f19e294ea86d312ff1be1e84f838539e0c563016d41ba7f0.dll,#1
  2⤵
  - Drops file in System32 directory
  - Suspicious use of SetWindowsHookEx
  PID:552
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 552 -s 1048
    3⤵
    - Program crash
    PID:4128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 552 -ip 552
1⤵
PID:4460

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\SysWOW64\ÅäÖÃÏî.ini

Filesize
169B

MD5
378ae2a65a7e9f680ac2b08caf5c676b

SHA1
79fb9baed7680dcfbfe10b3749c8aea6f81881fc

SHA256
a17ebf92b2bd1a1d359af01e5d4e91eb3c44b0b9ddbbc844a2e809fc10a67590

SHA512
1f4b7ed88e0ae3e932eccd5c07da826f6f3a4c2ac0ad1e6219e5aa62911aa34ac19c1517dbccd09c3a19d75fda45defbe874c7e5f5cbcc18a19de1a6283b7471

Download Submit
memory/552-25-0x0000000002740000-0x000000000277E000-memory.dmp

Filesize
248KB

Download
memory/552-46-0x0000000002740000-0x000000000277E000-memory.dmp

Filesize
248KB

Download
memory/552-3-0x0000000002740000-0x000000000277E000-memory.dmp

Filesize
248KB

Download
memory/552-6-0x0000000002740000-0x000000000277E000-memory.dmp

Filesize
248KB

Download
memory/552-10-0x0000000002740000-0x000000000277E000-memory.dmp

Filesize
248KB

Download
memory/552-8-0x0000000002740000-0x000000000277E000-memory.dmp

Filesize
248KB

Download
memory/552-12-0x0000000002740000-0x000000000277E000-memory.dmp

Filesize
248KB

Download
memory/552-15-0x0000000002740000-0x000000000277E000-memory.dmp

Filesize
248KB

Download
memory/552-18-0x0000000002740000-0x000000000277E000-memory.dmp

Filesize
248KB

Download
memory/552-20-0x0000000002740000-0x000000000277E000-memory.dmp

Filesize
248KB

Download
memory/552-23-0x0000000002740000-0x000000000277E000-memory.dmp

Filesize
248KB

Download
memory/552-0-0x0000000002740000-0x000000000277E000-memory.dmp

Filesize
248KB

Download
memory/552-1-0x0000000002740000-0x000000000277E000-memory.dmp

Filesize
248KB

Download
memory/552-32-0x0000000002740000-0x000000000277E000-memory.dmp

Filesize
248KB

Download
memory/552-27-0x0000000002740000-0x000000000277E000-memory.dmp

Filesize
248KB

Download
memory/552-34-0x0000000002740000-0x000000000277E000-memory.dmp

Filesize
248KB

Download
memory/552-36-0x0000000002740000-0x000000000277E000-memory.dmp

Filesize
248KB

Download
memory/552-38-0x0000000002740000-0x000000000277E000-memory.dmp

Filesize
248KB

Download
memory/552-40-0x0000000002740000-0x000000000277E000-memory.dmp

Filesize
248KB

Download
memory/552-42-0x0000000002740000-0x000000000277E000-memory.dmp

Filesize
248KB

Download
memory/552-44-0x0000000002740000-0x000000000277E000-memory.dmp

Filesize
248KB

Download
memory/552-30-0x0000000002740000-0x000000000277E000-memory.dmp

Filesize
248KB

Download
memory/552-48-0x0000000002740000-0x000000000277E000-memory.dmp

Filesize
248KB

Download
memory/552-49-0x0000000002740000-0x000000000277E000-memory.dmp

Filesize
248KB

Download
memory/552-2-0x0000000002740000-0x000000000277E000-memory.dmp

Filesize
248KB

Download

Analysis

Sharing