257c056bbf56e40cbec9d57123957b1abab7ee71911c6b6eb95363834cfab4d3

Analysis

max time kernel
43s
max time network
48s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
11-10-2022 15:52

Target

257c056bbf56e40cbec9d57123957b1abab7ee71911c6b6eb95363834cfab4d3.dll
Size

53KB
MD5

13e26c236ff966da2c0dddbb73bfd130
SHA1

fb0cbcc61be4ffe7838c93df0ec1bf82552e6f69
SHA256

257c056bbf56e40cbec9d57123957b1abab7ee71911c6b6eb95363834cfab4d3
SHA512

2a36e5f6838b6b44e9e33c6e65fc6c60e606c1fbf13de088d0a9a5172e5857d60e8fcddab54ddaf64b595971375bc0bde4249c091ef666096d5c9d39f0bd55d1
SSDEEP

1536:56aHSNmlAP/FwkcnNpirWmXdB7KdCMngKPW:IaimlA3FMWDHKdCIO

Score

8^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/940-56-0x0000000010000000-0x000000001004D000-memory.dmp	upx

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1980 wrote to memory of 940	1980	rundll32.exe	28
PID 1980 wrote to memory of 940	1980	rundll32.exe	28
PID 1980 wrote to memory of 940	1980	rundll32.exe	28
PID 1980 wrote to memory of 940	1980	rundll32.exe	28
PID 1980 wrote to memory of 940	1980	rundll32.exe	28
PID 1980 wrote to memory of 940	1980	rundll32.exe	28
PID 1980 wrote to memory of 940	1980	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\257c056bbf56e40cbec9d57123957b1abab7ee71911c6b6eb95363834cfab4d3.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1980
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\257c056bbf56e40cbec9d57123957b1abab7ee71911c6b6eb95363834cfab4d3.dll,#1
  2⤵
  PID:940

memory/940-55-0x00000000756B1000-0x00000000756B3000-memory.dmp

Filesize
8KB

Download
memory/940-56-0x0000000010000000-0x000000001004D000-memory.dmp

Filesize
308KB

Download