40a90ddd4f4491ee74b28bdea5524fc01a484ab827954f2d2f1cb25461610573

Analysis

max time kernel
132s
max time network
139s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
11-05-2024 17:47

Target

Super Hexagon/Super Hexagon/fmodex.dll
Size

282KB
MD5

11b9c9949b797552badb69eb68d0d4b8
SHA1

5e56c03b89e0130310f100b1cc445ff2fb0b0e55
SHA256

5e2323323a3d0fb62551fc581a86be4b0800361685f4b07a0a7945fb4aae4aa7
SHA512

8671c38ec9fa01cd966613541b2c4e80d0a5b670bb8fa6797eab8479f9ea5601b04579672e511e37862f861e7ea155471edebfe13ec36f8cf4b779ed950f19b4
SSDEEP

6144:lz/1zLL/lXjOyjTo5RAO3T7hFNy8fVtvw/tXJlxNB/tEp2Bl:t1vZJTo5+O3/hjy8fVtv

Score

7^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

Processes:

resource	yara_rule
behavioral7/memory/1576-0-0x0000000010000000-0x0000000010147000-memory.dmp	upx

Program crash 1 IoCs

Processes:

WerFault.exe

pid	pid_target	Process	procid_target
4956	1576	WerFault.exe	82

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	Process	procid_target
PID 3580 wrote to memory of 1576	3580	rundll32.exe	82
PID 3580 wrote to memory of 1576	3580	rundll32.exe	82
PID 3580 wrote to memory of 1576	3580	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Super Hexagon\Super Hexagon\fmodex.dll",#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3580
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Super Hexagon\Super Hexagon\fmodex.dll",#1
  2⤵
  PID:1576
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1576 -s 672
    3⤵
    - Program crash
    PID:4956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 1576 -ip 1576
1⤵
PID:2460

memory/1576-0-0x0000000010000000-0x0000000010147000-memory.dmp

Filesize
1.3MB

Download