cc8f9e509b01a1e1054ad7407539ad10e0a01b8fe0fd33f6484b5684c4fe2f0a

Analysis

max time kernel
42s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
04-10-2022 07:42

Target

cc8f9e509b01a1e1054ad7407539ad10e0a01b8fe0fd33f6484b5684c4fe2f0a.dll
Size

62KB
MD5

413f08d3c893d58e7ea51b45fcd78143
SHA1

38edc6e99bb69deff89af7d05ef1ab60c82da73f
SHA256

cc8f9e509b01a1e1054ad7407539ad10e0a01b8fe0fd33f6484b5684c4fe2f0a
SHA512

ec68f2052a01fc2053c90e8b8f1fc1cfadccd38be90e80f842d1a226c5cc5ddd16f4eeb384db598b1074db199c95ea3810ed2fecae91be5f322ae6f04f4f0717
SSDEEP

1536:OsuX6JNBllDI5R8HBLtY4xqSzMBVBIC5oCwwx:1/b9k5eBLJxqSgBLteCwwx

Score

8^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/1176-56-0x0000000010000000-0x000000001000E000-memory.dmp	upx

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1336 wrote to memory of 1176	1336	rundll32.exe	27
PID 1336 wrote to memory of 1176	1336	rundll32.exe	27
PID 1336 wrote to memory of 1176	1336	rundll32.exe	27
PID 1336 wrote to memory of 1176	1336	rundll32.exe	27
PID 1336 wrote to memory of 1176	1336	rundll32.exe	27
PID 1336 wrote to memory of 1176	1336	rundll32.exe	27
PID 1336 wrote to memory of 1176	1336	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\cc8f9e509b01a1e1054ad7407539ad10e0a01b8fe0fd33f6484b5684c4fe2f0a.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1336
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\cc8f9e509b01a1e1054ad7407539ad10e0a01b8fe0fd33f6484b5684c4fe2f0a.dll,#1
  2⤵
  PID:1176

memory/1176-54-0x0000000000000000-mapping.dmp

Download
memory/1176-55-0x00000000762D1000-0x00000000762D3000-memory.dmp

Filesize
8KB

Download
memory/1176-56-0x0000000010000000-0x000000001000E000-memory.dmp

Filesize
56KB

Download