a532022ee0d12a38a34cdc40875f12dc6d881eec317f6a2a7cd1f3badb310584

Analysis

max time kernel
140s
max time network
120s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
23-05-2024 01:22

Target

a532022ee0d12a38a34cdc40875f12dc6d881eec317f6a2a7cd1f3badb310584.dll
Size

159KB
MD5

2f918c3139d4f68a50f7ec6cb021872c
SHA1

e55a54a369e7d84258ed9a4a009dbeed8f85727b
SHA256

a532022ee0d12a38a34cdc40875f12dc6d881eec317f6a2a7cd1f3badb310584
SHA512

1932922cb9f5a4380f9ddcd3d9d502d91e22eaf6b366c65dfbdd2cf75209c51f3356b967a4d0f12bdceb847b2ea8673eb4c6b19063fa1dfd93f5986adb7d9309
SSDEEP

3072:GUtS+MmJCV543oQDKK8IfCVi3gSgAJMn094FfKAaUA6cpmhJrInaqtc:GUtPMkWaoQmbwCk3gSgA/4hKGcUjs

Score

7^/10

upx

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

Processes:

resource	yara_rule
behavioral1/memory/292-3-0x000007FEF7710000-0x000007FEF776B000-memory.dmp	upx
behavioral1/memory/292-2-0x000007FEF7710000-0x000007FEF776B000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 292 wrote to memory of 2612	292	rundll32.exe	WerFault.exe
PID 292 wrote to memory of 2612	292	rundll32.exe	WerFault.exe
PID 292 wrote to memory of 2612	292	rundll32.exe	WerFault.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\a532022ee0d12a38a34cdc40875f12dc6d881eec317f6a2a7cd1f3badb310584.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:292

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 292 -s 100
2⤵
PID:2612

memory/292-0-0x000007FEF8400000-0x000007FEF845B000-memory.dmp

Filesize
364KB

Download
memory/292-3-0x000007FEF7710000-0x000007FEF776B000-memory.dmp

Filesize
364KB

Download
memory/292-2-0x000007FEF7710000-0x000007FEF776B000-memory.dmp

Filesize
364KB

Download
memory/292-1-0x000007FEF8400000-0x000007FEF845B000-memory.dmp

Filesize
364KB

Download
memory/292-5-0x000007FEF8400000-0x000007FEF845B000-memory.dmp

Filesize
364KB

Download
memory/292-7-0x000007FEF8400000-0x000007FEF845B000-memory.dmp

Filesize
364KB

Download