945c94ac15326e0f2d8981211a0395821208872da46a59e502c0a3537dd17f77

Analysis

max time kernel
148s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
30-12-2023 03:28

Target

0cf7b0e2ce5b5ca401d31016f92a7fc2.dll
Size

15KB
MD5

0cf7b0e2ce5b5ca401d31016f92a7fc2
SHA1

6a5c6042b4e6da09829d3a774f2e04913dab5d63
SHA256

945c94ac15326e0f2d8981211a0395821208872da46a59e502c0a3537dd17f77
SHA512

204b37163d7868d72ff6a356843d457052ac206a726fcc35f56ef07de4d7e23fe794060f5f1cd17a048bdb594a9b6233f8cbd72b7a9d1335fdd83aec09a77555
SSDEEP

192:8jeLE+15WnobmblAhnwSpUALcSaUzVP42fyWjBjip7xgYbkk6e0o9J1kgj7HqEEc:8UEWWVJAxBxhjipxjJ9KEECS0

Score

7^/10

upx

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/3704-2-0x0000000010000000-0x000000001000E000-memory.dmp	upx
behavioral2/memory/3704-1-0x0000000010000000-0x000000001000E000-memory.dmp	upx
behavioral2/memory/3704-0-0x0000000010000000-0x000000001000E000-memory.dmp	upx

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2680	3704	WerFault.exe	16

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
3704	rundll32.exe
3704	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 5000 wrote to memory of 3704	5000	rundll32.exe	16
PID 5000 wrote to memory of 3704	5000	rundll32.exe	16
PID 5000 wrote to memory of 3704	5000	rundll32.exe	16

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\0cf7b0e2ce5b5ca401d31016f92a7fc2.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:5000
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\0cf7b0e2ce5b5ca401d31016f92a7fc2.dll,#1
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3704
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3704 -s 572
    3⤵
    - Program crash
    PID:2680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 3704 -ip 3704
1⤵
PID:2052

memory/3704-2-0x0000000010000000-0x000000001000E000-memory.dmp

Filesize
56KB

Download
memory/3704-1-0x0000000010000000-0x000000001000E000-memory.dmp

Filesize
56KB

Download
memory/3704-0-0x0000000010000000-0x000000001000E000-memory.dmp

Filesize
56KB

Download