3982681ae0c7a6eb1f82c28ec0ed02c237de0b1dbd6e298c9a786c68427f4e0f

Analysis

max time kernel
135s
max time network
139s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
23-05-2024 01:20

Target

3982681ae0c7a6eb1f82c28ec0ed02c237de0b1dbd6e298c9a786c68427f4e0f.dll
Size

572KB
MD5

c6c8ac637b64b7a5013de464d8e32308
SHA1

5e128ea3f5bb943f6edec3e6e9e42d739652e0f8
SHA256

3982681ae0c7a6eb1f82c28ec0ed02c237de0b1dbd6e298c9a786c68427f4e0f
SHA512

2d19dffa7301f11ccde14c85f9ae88a6fcefad552b84890bfce804c3d61f2eda8efd3ae2a7bbdd015cdec8ff8963a988b14f0dcf4ab9d43782315c35f4f27d6e
SSDEEP

6144:5uRydcGid80GZydrXAjoiWCFAviiJy59qsfnd9idBWqpivTaZbNbySno/xn8CGGC:5uRyvidfd0oRoueCMlC+/tgr

Score

9^/10

upx

UPX dump on OEP (original entry point) 1 IoCs

Processes:

resource	yara_rule
behavioral2/memory/4852-0-0x0000000074B90000-0x0000000074BA7000-memory.dmp	UPX

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

Processes:

resource	yara_rule
behavioral2/memory/4852-0-0x0000000074B90000-0x0000000074BA7000-memory.dmp	upx

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

3440 4852 WerFault.exe rundll32.exe

pid	pid_target	process	target process
3440	4852	WerFault.exe	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1676 wrote to memory of 4852	1676	rundll32.exe	rundll32.exe
PID 1676 wrote to memory of 4852	1676	rundll32.exe	rundll32.exe
PID 1676 wrote to memory of 4852	1676	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3982681ae0c7a6eb1f82c28ec0ed02c237de0b1dbd6e298c9a786c68427f4e0f.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1676

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3982681ae0c7a6eb1f82c28ec0ed02c237de0b1dbd6e298c9a786c68427f4e0f.dll,#1
2⤵
PID:4852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4852 -s 600
3⤵
- Program crash
PID:3440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4852 -ip 4852
1⤵
PID:2248

memory/4852-0-0x0000000074B90000-0x0000000074BA7000-memory.dmp

Filesize
92KB

Download