2db3b5c1f1dd0d686af727258200dbe4bd1584b5bb56bae7b7012d73cb56e0cd

Analysis

max time kernel
45s
max time network
50s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
02-10-2022 11:34

Target

2db3b5c1f1dd0d686af727258200dbe4bd1584b5bb56bae7b7012d73cb56e0cd.dll
Size

76KB
MD5

6d1a21b0186a6456ab98de623eae7090
SHA1

9d259d0c11b9cf4beb3ee333bf80cba03c5961f2
SHA256

2db3b5c1f1dd0d686af727258200dbe4bd1584b5bb56bae7b7012d73cb56e0cd
SHA512

11d50921a966d483b94bfacc78d9ba590b9c9572c56bdcd40895feb584d44c3f58af2926ea5223633f2b11d1c87de67569e683f2a2ec7a201085ab2b2387bef5
SSDEEP

768:LWSSEyJ8TxqriMgpMXr7MMiz57KHKgqaA3hgAAh3LYP0qiqunTEDeBuYopjE7COR:LWUa8criF6r7MM0O738PHyJAjjOkb

Score

8^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/1516-56-0x0000000010000000-0x0000000010015000-memory.dmp	upx

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1464 wrote to memory of 1516	1464	rundll32.exe	26
PID 1464 wrote to memory of 1516	1464	rundll32.exe	26
PID 1464 wrote to memory of 1516	1464	rundll32.exe	26
PID 1464 wrote to memory of 1516	1464	rundll32.exe	26
PID 1464 wrote to memory of 1516	1464	rundll32.exe	26
PID 1464 wrote to memory of 1516	1464	rundll32.exe	26
PID 1464 wrote to memory of 1516	1464	rundll32.exe	26

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2db3b5c1f1dd0d686af727258200dbe4bd1584b5bb56bae7b7012d73cb56e0cd.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1464
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\2db3b5c1f1dd0d686af727258200dbe4bd1584b5bb56bae7b7012d73cb56e0cd.dll,#1
  2⤵
  PID:1516

memory/1516-54-0x0000000000000000-mapping.dmp

Download
memory/1516-55-0x0000000075B51000-0x0000000075B53000-memory.dmp

Filesize
8KB

Download
memory/1516-56-0x0000000010000000-0x0000000010015000-memory.dmp

Filesize
84KB

Download