1c6d6b3ddea8e478a2cb1a71f2aa4ebd849d3d422d12b3d271796c01eb3ab2f8

Analysis

max time kernel
132s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
30/12/2023, 03:22

Target

0ccf06d959a7ecb84001e82c4a93cc59.dll
Size

13KB
MD5

0ccf06d959a7ecb84001e82c4a93cc59
SHA1

776ee8354c042aaeff50dc48b66132002afb5fdd
SHA256

1c6d6b3ddea8e478a2cb1a71f2aa4ebd849d3d422d12b3d271796c01eb3ab2f8
SHA512

aa69be6024a98d4ed7f7711e02fe3f1e755232d84d9ea9b9e728cef6e5552c645a6f3a5cab17b54e89c3cf00c481da8713eaa5469e95538f4b39b994c69477c0
SSDEEP

384:Roga7P3zobB7vU7uTMxNsmE0a5dj/DaNJawcudoD7U:CgaXQ5UCMxNsmEr5dKnbcuyD7U

Score

7^/10

upx

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/2360-0-0x0000000010000000-0x000000001000A000-memory.dmp	upx
behavioral2/memory/2360-1-0x0000000010000000-0x000000001000A000-memory.dmp	upx

Program crash 1 IoCs

pid	pid_target	Process	procid_target
3584	2360	WerFault.exe	14

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1596 wrote to memory of 2360	1596	rundll32.exe	14
PID 1596 wrote to memory of 2360	1596	rundll32.exe	14
PID 1596 wrote to memory of 2360	1596	rundll32.exe	14

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\0ccf06d959a7ecb84001e82c4a93cc59.dll,#1
1⤵
PID:2360
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2360 -s 632
  2⤵
  - Program crash
  PID:3584

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\0ccf06d959a7ecb84001e82c4a93cc59.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 2360 -ip 2360
1⤵
PID:748

memory/2360-0-0x0000000010000000-0x000000001000A000-memory.dmp

Filesize
40KB

Download
memory/2360-1-0x0000000010000000-0x000000001000A000-memory.dmp

Filesize
40KB

Download