34353d841c7d7e7ec85f8ebb40b78e983e352c6432b851c7c304c13482776c75

Analysis

max time kernel
90s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
16-02-2024 01:30

Target

9f19e44dc132b347a832901cc15caf21.dll
Size

200KB
MD5

9f19e44dc132b347a832901cc15caf21
SHA1

41ca6d640e185da276f3f9fb3c15a79115079b43
SHA256

34353d841c7d7e7ec85f8ebb40b78e983e352c6432b851c7c304c13482776c75
SHA512

e1abcbf682fcacec332cafe8015ac0db19a84257f334bdd09a2e88099251ece3b341a562a723739323461685df0b07241608733aa967016b1fcfa693c35cef99
SSDEEP

6144:PT4iMY1gO7+QpRAUOldWeYA+m6Bz64GoWBmVu9oS:Pd1gOaQpRKWth64LWB6u9oS

Score

7^/10

upx

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

Processes:

resource	yara_rule
behavioral2/memory/1940-0-0x0000000001FE0000-0x0000000002042000-memory.dmp	upx
behavioral2/memory/1940-1-0x0000000001FE0000-0x0000000002042000-memory.dmp	upx

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

4560 1940 WerFault.exe rundll32.exe

pid	pid_target	process	target process
4560	1940	WerFault.exe	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 2204 wrote to memory of 1940	2204	rundll32.exe	rundll32.exe
PID 2204 wrote to memory of 1940	2204	rundll32.exe	rundll32.exe
PID 2204 wrote to memory of 1940	2204	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\9f19e44dc132b347a832901cc15caf21.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2204

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\9f19e44dc132b347a832901cc15caf21.dll,#1
2⤵
PID:1940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1940 -s 540
3⤵
- Program crash
PID:4560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 412 -p 1940 -ip 1940
1⤵
PID:628

memory/1940-0-0x0000000001FE0000-0x0000000002042000-memory.dmp

Filesize
392KB

Download
memory/1940-1-0x0000000001FE0000-0x0000000002042000-memory.dmp

Filesize
392KB

Download
memory/1940-2-0x0000000000600000-0x0000000000614000-memory.dmp

Filesize
80KB

Download
memory/1940-3-0x0000000001FE0000-0x0000000002042000-memory.dmp

Filesize
392KB

Download