9780af6361f301ca673c80dbb880abebc65a307424fb33f8f595945577388eb0

Analysis

max time kernel
44s
max time network
49s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
19/10/2022, 16:53

Target

9780af6361f301ca673c80dbb880abebc65a307424fb33f8f595945577388eb0.dll
Size

16KB
MD5

a1b19f21804ac0c631d805e43013c250
SHA1

58ad4e4c8a9fa193121da343fc4d53e60639102e
SHA256

9780af6361f301ca673c80dbb880abebc65a307424fb33f8f595945577388eb0
SHA512

64e1930e5ef1eddfc2d203b19fedfe57c9a00bf933b3edb125a6eb2e6a5b763db277e30e8c6c39534cb9fed9dfc56acad180b5df5581758802def2d22e15eb05
SSDEEP

384:VbiEQaPV6hxDNq022CjMbsSNvBWEnjegVara7t:BUaPwA0RCjMXtht

Score

8^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/2032-56-0x0000000010000000-0x0000000010012000-memory.dmp	upx

Drops file in Program Files directory 3 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Internet Explorer\urImon.dll	rundll32.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\urImon.dll	rundll32.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplore.exe	rundll32.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1724 wrote to memory of 2032	1724	rundll32.exe	27
PID 1724 wrote to memory of 2032	1724	rundll32.exe	27
PID 1724 wrote to memory of 2032	1724	rundll32.exe	27
PID 1724 wrote to memory of 2032	1724	rundll32.exe	27
PID 1724 wrote to memory of 2032	1724	rundll32.exe	27
PID 1724 wrote to memory of 2032	1724	rundll32.exe	27
PID 1724 wrote to memory of 2032	1724	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\9780af6361f301ca673c80dbb880abebc65a307424fb33f8f595945577388eb0.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1724
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\9780af6361f301ca673c80dbb880abebc65a307424fb33f8f595945577388eb0.dll,#1
  2⤵
  - Drops file in Program Files directory
  PID:2032

memory/2032-55-0x0000000074B51000-0x0000000074B53000-memory.dmp

Filesize
8KB

Download
memory/2032-56-0x0000000010000000-0x0000000010012000-memory.dmp

Filesize
72KB

Download