6723b627d28e5bceb49dfa195e6c2e0a13e30948f30b395f83a18c69840ceed8

Analysis

max time kernel
140s
max time network
120s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
23-05-2024 02:22

Target

$PLUGINSDIR/nsArray.dll
Size

6KB
MD5

6206b94f91e92b7f7f72214c438dd414
SHA1

09281ee4a76aa7dce016e7476ce33aa74246a0c6
SHA256

b15de38c9d72eef3c8ac9336c39debb10edc8e4a26bcc32b319f6ae8c9141380
SHA512

502bedef4fe934c74903ea01036fc265b950a8bb4927f6b285926ff53140fa8a78f37bc7e39a8de8ccde0ba6cdf9d0f512379c9fef86ad60192ed4b447c00fd0
SSDEEP

96:QVtJ0bb2EKqyp//c6fbQ2Pz9AqgCLAk9F5LeT2b8HIK/O0iRxGQFIfA7gfMxLfA0:QGbQvp3c6/PwCLAk90K8DysQf0M2dja

Score

7^/10

upx

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

Processes:

resource	yara_rule
behavioral5/memory/1708-1-0x0000000074D80000-0x0000000074D8A000-memory.dmp	upx
behavioral5/memory/1708-3-0x0000000074D80000-0x0000000074D8A000-memory.dmp	upx

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

1028 1708 WerFault.exe rundll32.exe

pid	pid_target	process	target process
1028	1708	WerFault.exe	rundll32.exe

Suspicious use of WriteProcessMemory 11 IoCs

Processes:

rundll32.exerundll32.exe

description	pid	process	target process
PID 2328 wrote to memory of 1708	2328	rundll32.exe	rundll32.exe
PID 2328 wrote to memory of 1708	2328	rundll32.exe	rundll32.exe
PID 2328 wrote to memory of 1708	2328	rundll32.exe	rundll32.exe
PID 2328 wrote to memory of 1708	2328	rundll32.exe	rundll32.exe
PID 2328 wrote to memory of 1708	2328	rundll32.exe	rundll32.exe
PID 2328 wrote to memory of 1708	2328	rundll32.exe	rundll32.exe
PID 2328 wrote to memory of 1708	2328	rundll32.exe	rundll32.exe
PID 1708 wrote to memory of 1028	1708	rundll32.exe	WerFault.exe
PID 1708 wrote to memory of 1028	1708	rundll32.exe	WerFault.exe
PID 1708 wrote to memory of 1028	1708	rundll32.exe	WerFault.exe
PID 1708 wrote to memory of 1028	1708	rundll32.exe	WerFault.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\nsArray.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2328

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\nsArray.dll,#1
2⤵
- Suspicious use of WriteProcessMemory
PID:1708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1708 -s 220
3⤵
- Program crash
PID:1028

memory/1708-2-0x0000000074D90000-0x0000000074D9A000-memory.dmp

Filesize
40KB

Download
memory/1708-1-0x0000000074D80000-0x0000000074D8A000-memory.dmp

Filesize
40KB

Download
memory/1708-0-0x0000000074D90000-0x0000000074D9A000-memory.dmp

Filesize
40KB

Download
memory/1708-3-0x0000000074D80000-0x0000000074D8A000-memory.dmp

Filesize
40KB

Download
memory/1708-5-0x0000000074D90000-0x0000000074D9A000-memory.dmp

Filesize
40KB

Download
memory/1708-6-0x0000000074D90000-0x0000000074D9A000-memory.dmp

Filesize
40KB

Download