6f76d29b00e83d8fef479e9e261e4fe8f98db387c15d8d8bfebbe03b898c0131

Analysis

max time kernel
140s
max time network
118s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
10/04/2024, 11:46

Target

6f76d29b00e83d8fef479e9e261e4fe8f98db387c15d8d8bfebbe03b898c0131.dll
Size

743KB
MD5

39e9973602915b568e471c662003f6ad
SHA1

10d7b6bfdf7af1b7121970948c2f9f8ee9bdd0b7
SHA256

6f76d29b00e83d8fef479e9e261e4fe8f98db387c15d8d8bfebbe03b898c0131
SHA512

46e0d8511931ca5905e012c029d7f14fd5aa958fb6e08e9d0b06c8edab0e66dcd0f99b2f6d34f161bb6f44bbe111606c8696d6ac78afe39509badd52b971d199
SSDEEP

12288:LK/B5QF5BV3wW9uD/mhCQFhvLulYMoGoPMP7ki0sD7VojMOVMl36W/8M:aB5QzB2W9xhzulYMoGoU7nD7VtOVMM4

Score

7^/10

upx

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/3020-1-0x0000000074370000-0x0000000074742000-memory.dmp	upx
behavioral1/memory/3020-2-0x0000000074370000-0x0000000074742000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3020 wrote to memory of 1992	3020	rundll32.exe	28
PID 3020 wrote to memory of 1992	3020	rundll32.exe	28
PID 3020 wrote to memory of 1992	3020	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\6f76d29b00e83d8fef479e9e261e4fe8f98db387c15d8d8bfebbe03b898c0131.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3020
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 3020 -s 244
  2⤵
  PID:1992

memory/3020-1-0x0000000074370000-0x0000000074742000-memory.dmp

Filesize
3.8MB

Download
memory/3020-0-0x0000000074750000-0x0000000074B22000-memory.dmp

Filesize
3.8MB

Download
memory/3020-2-0x0000000074370000-0x0000000074742000-memory.dmp

Filesize
3.8MB

Download
memory/3020-4-0x0000000074750000-0x0000000074B22000-memory.dmp

Filesize
3.8MB

Download