e3fd6a14d408c9c5892627800f3b1df5c09c1cb025f30d45e931b4d2e5417d76

Analysis

max time kernel
27s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
02-10-2022 11:59

Target

e3fd6a14d408c9c5892627800f3b1df5c09c1cb025f30d45e931b4d2e5417d76.dll
Size

58KB
MD5

63be4cd8e7b102d1943eb47f653d1f24
SHA1

a0ecfa031150639140550de949ab48f0aae3ee58
SHA256

e3fd6a14d408c9c5892627800f3b1df5c09c1cb025f30d45e931b4d2e5417d76
SHA512

deb04f785f248f28aee101a738ecdd64761935535d8a8552d52cd8d5323dacb4f0c1f00b9e72f8ed00e22047e25621972962a7ecf22154db6f464cc2ae772174
SSDEEP

768:5yoCleo/ZrTvvLYHd0DJVBQjc2wkzq6RCpS7nYVPqujKXRwyi3Td0LbnG8wlI:5yoC1RP9H5ko07nqnUwyi3TdGbnGI

Score

8^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/1696-56-0x0000000010000000-0x000000001000E000-memory.dmp	upx

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1000 wrote to memory of 1696	1000	rundll32.exe	27
PID 1000 wrote to memory of 1696	1000	rundll32.exe	27
PID 1000 wrote to memory of 1696	1000	rundll32.exe	27
PID 1000 wrote to memory of 1696	1000	rundll32.exe	27
PID 1000 wrote to memory of 1696	1000	rundll32.exe	27
PID 1000 wrote to memory of 1696	1000	rundll32.exe	27
PID 1000 wrote to memory of 1696	1000	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\e3fd6a14d408c9c5892627800f3b1df5c09c1cb025f30d45e931b4d2e5417d76.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1000
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\e3fd6a14d408c9c5892627800f3b1df5c09c1cb025f30d45e931b4d2e5417d76.dll,#1
  2⤵
  PID:1696

memory/1696-55-0x0000000075201000-0x0000000075203000-memory.dmp

Filesize
8KB

Download
memory/1696-56-0x0000000010000000-0x000000001000E000-memory.dmp

Filesize
56KB

Download