1e1295e589fc37cc1f51b0f5716a33800d426af471cbf40231ed1e1dba9bf72a

Analysis

max time kernel
1566s
max time network
1576s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
29-06-2024 19:44

Target

Spy-Net v2.6/Spy-Net v2.6/sqlite3.dll
Size

171KB
MD5

744dcc4cbbfbb18fe3878c4e769ec48f
SHA1

c1f2c56ee2d91203a01d3465f185295477a1217d
SHA256

33eb31a2a576e663474a895ff0190316c64a93d9ce05a55df0d53f9beeb61163
SHA512

706630be2ca09e574a7794e32e515a0a3f993643d034647b8cb976c1e7045e87e30362757cc65fcdb95f4a4327f0dcda3edc82ba84e5ed9115870a037e13af21
SSDEEP

3072:4yOtgCNPbAHuzueAlwsKmiiEHpmBt7tjBwHH1ELXvSsmB8teUOhKJz4ZKJNCT1xe:FOtRsOz2xKmGH8JBwn+2smB1Uf8Kurb

Score

7^/10

UPX packed file 1 IoCs
Detects executables packed with UPX/modified UPX open source packer.
upx

Processes:

resource yara_rule

behavioral3/memory/756-0-0x0000000010000000-0x000000001005A000-memory.dmp upx
Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

740 756 WerFault.exe rundll32.exe

resource	yara_rule
behavioral3/memory/756-0-0x0000000010000000-0x000000001005A000-memory.dmp	upx

pid	pid_target	process	target process
740	756	WerFault.exe	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 4336 wrote to memory of 756	4336	rundll32.exe	rundll32.exe
PID 4336 wrote to memory of 756	4336	rundll32.exe	rundll32.exe
PID 4336 wrote to memory of 756	4336	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Spy-Net v2.6\Spy-Net v2.6\sqlite3.dll",#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4336

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Spy-Net v2.6\Spy-Net v2.6\sqlite3.dll",#1
2⤵
PID:756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 756 -s 600
3⤵
- Program crash
PID:740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 756 -ip 756
1⤵
PID:4420

memory/756-0-0x0000000010000000-0x000000001005A000-memory.dmp

Filesize
360KB

Download