d7b54989e72d4efa2b558eff274998d5c07b61aa01c5b88e3014157e96ce2186

Analysis

max time kernel
33s
max time network
42s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
20/10/2022, 23:11

Target

d7b54989e72d4efa2b558eff274998d5c07b61aa01c5b88e3014157e96ce2186.dll
Size

16KB
MD5

4d17fced6c81fdce5620210f9ef4a6a0
SHA1

e5b17f88e7f1dd4ce143ad6c00eb42ba229e19b2
SHA256

d7b54989e72d4efa2b558eff274998d5c07b61aa01c5b88e3014157e96ce2186
SHA512

5cb395417a4b1c13d0d81368932238edf1609877d326c6b23cf21dcc78861878db4cda480c473f0d34139495976e918e83891f10284b4b2e44e6300385057de5
SSDEEP

384:Eg/9m7f9OzuPlMco4F5hAK8gAEOK4/vGzpSApA:KfAzBco0TAK8dEVSvGzze

Score

8^/10

upx

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/1980-56-0x0000000010000000-0x000000001000F000-memory.dmp	upx
behavioral1/memory/1980-57-0x0000000010000000-0x000000001000F000-memory.dmp	upx

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1976 wrote to memory of 1980	1976	rundll32.exe	26
PID 1976 wrote to memory of 1980	1976	rundll32.exe	26
PID 1976 wrote to memory of 1980	1976	rundll32.exe	26
PID 1976 wrote to memory of 1980	1976	rundll32.exe	26
PID 1976 wrote to memory of 1980	1976	rundll32.exe	26
PID 1976 wrote to memory of 1980	1976	rundll32.exe	26
PID 1976 wrote to memory of 1980	1976	rundll32.exe	26

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\d7b54989e72d4efa2b558eff274998d5c07b61aa01c5b88e3014157e96ce2186.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1976
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\d7b54989e72d4efa2b558eff274998d5c07b61aa01c5b88e3014157e96ce2186.dll,#1
  2⤵
  PID:1980

memory/1980-55-0x00000000754E1000-0x00000000754E3000-memory.dmp

Filesize
8KB

Download
memory/1980-56-0x0000000010000000-0x000000001000F000-memory.dmp

Filesize
60KB

Download
memory/1980-57-0x0000000010000000-0x000000001000F000-memory.dmp

Filesize
60KB

Download