1267da257994e424d5a3c7c431898ec2c7c748b354f231ebb07e5e4ccaa0eafc

Analysis

max time kernel
141s
max time network
123s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
22/02/2024, 10:15

Target

1267da257994e424d5a3c7c431898ec2c7c748b354f231ebb07e5e4ccaa0eafc.dll
Size

314KB
MD5

30a2fde7780e4928490777897af72057
SHA1

a6755dbc251fddb523e1d8762040108aa5198f8e
SHA256

1267da257994e424d5a3c7c431898ec2c7c748b354f231ebb07e5e4ccaa0eafc
SHA512

89da2592e70ba74a7e96f213dfa13c67085cd03cd2e763e404338d174d09de2e7dafce77c663056e9cf3a966e527bcb8fc20a2a8e8dd0ac316c9dc95b08e9be0
SSDEEP

6144:VXMURcNLpyXU9W5rulKJQ8n7fgK3RnHV2HoS:BN2NNyXUXM7fgK3RnHV2HoS

Score

7^/10

upx

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/2816-0-0x0000000063A80000-0x0000000063B63000-memory.dmp	upx
behavioral1/memory/2816-1-0x0000000063A80000-0x0000000063B63000-memory.dmp	upx
behavioral1/memory/2816-2-0x0000000063A80000-0x0000000063B63000-memory.dmp	upx

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2832	2816	WerFault.exe	28

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 2224 wrote to memory of 2816	2224	rundll32.exe	28
PID 2224 wrote to memory of 2816	2224	rundll32.exe	28
PID 2224 wrote to memory of 2816	2224	rundll32.exe	28
PID 2224 wrote to memory of 2816	2224	rundll32.exe	28
PID 2224 wrote to memory of 2816	2224	rundll32.exe	28
PID 2224 wrote to memory of 2816	2224	rundll32.exe	28
PID 2224 wrote to memory of 2816	2224	rundll32.exe	28
PID 2816 wrote to memory of 2832	2816	rundll32.exe	29
PID 2816 wrote to memory of 2832	2816	rundll32.exe	29
PID 2816 wrote to memory of 2832	2816	rundll32.exe	29
PID 2816 wrote to memory of 2832	2816	rundll32.exe	29

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1267da257994e424d5a3c7c431898ec2c7c748b354f231ebb07e5e4ccaa0eafc.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2224
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\1267da257994e424d5a3c7c431898ec2c7c748b354f231ebb07e5e4ccaa0eafc.dll,#1
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2816
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2816 -s 232
    3⤵
    - Program crash
    PID:2832

memory/2816-0-0x0000000063A80000-0x0000000063B63000-memory.dmp

Filesize
908KB

Download
memory/2816-1-0x0000000063A80000-0x0000000063B63000-memory.dmp

Filesize
908KB

Download
memory/2816-2-0x0000000063A80000-0x0000000063B63000-memory.dmp

Filesize
908KB

Download