37706b3f5120e682cf454d7cd35db7cdee5373b3796c19397188c424114029de

Analysis

max time kernel
140s
max time network
120s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
19-05-2024 21:40

Target

sqlite3.dll
Size

171KB
MD5

744dcc4cbbfbb18fe3878c4e769ec48f
SHA1

c1f2c56ee2d91203a01d3465f185295477a1217d
SHA256

33eb31a2a576e663474a895ff0190316c64a93d9ce05a55df0d53f9beeb61163
SHA512

706630be2ca09e574a7794e32e515a0a3f993643d034647b8cb976c1e7045e87e30362757cc65fcdb95f4a4327f0dcda3edc82ba84e5ed9115870a037e13af21
SSDEEP

3072:4yOtgCNPbAHuzueAlwsKmiiEHpmBt7tjBwHH1ELXvSsmB8teUOhKJz4ZKJNCT1xe:FOtRsOz2xKmGH8JBwn+2smB1Uf8Kurb

Score

7^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

Processes:

resource	yara_rule
behavioral5/memory/2676-0-0x0000000010000000-0x000000001005A000-memory.dmp	upx

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

2480 2676 WerFault.exe rundll32.exe

pid	pid_target	process	target process
2480	2676	WerFault.exe	rundll32.exe

Suspicious use of WriteProcessMemory 11 IoCs

Processes:

rundll32.exerundll32.exe

description	pid	process	target process
PID 2208 wrote to memory of 2676	2208	rundll32.exe	rundll32.exe
PID 2208 wrote to memory of 2676	2208	rundll32.exe	rundll32.exe
PID 2208 wrote to memory of 2676	2208	rundll32.exe	rundll32.exe
PID 2208 wrote to memory of 2676	2208	rundll32.exe	rundll32.exe
PID 2208 wrote to memory of 2676	2208	rundll32.exe	rundll32.exe
PID 2208 wrote to memory of 2676	2208	rundll32.exe	rundll32.exe
PID 2208 wrote to memory of 2676	2208	rundll32.exe	rundll32.exe
PID 2676 wrote to memory of 2480	2676	rundll32.exe	WerFault.exe
PID 2676 wrote to memory of 2480	2676	rundll32.exe	WerFault.exe
PID 2676 wrote to memory of 2480	2676	rundll32.exe	WerFault.exe
PID 2676 wrote to memory of 2480	2676	rundll32.exe	WerFault.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\sqlite3.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2208

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\sqlite3.dll,#1
2⤵
- Suspicious use of WriteProcessMemory
PID:2676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2676 -s 224
3⤵
- Program crash
PID:2480

memory/2676-0-0x0000000010000000-0x000000001005A000-memory.dmp

Filesize
360KB

Download