e9ea56af616c936be266d8654643412d07c3046fb6c7d2cfb8e09bb775005a9a

Analysis

max time kernel
34s
max time network
42s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
20/10/2022, 07:54

Target

e9ea56af616c936be266d8654643412d07c3046fb6c7d2cfb8e09bb775005a9a.dll
Size

195KB
MD5

4f5894c109ac2df0ee6326a55073f0e4
SHA1

db5ceeb6a89a9abad401d0d4d9860246d892d19a
SHA256

e9ea56af616c936be266d8654643412d07c3046fb6c7d2cfb8e09bb775005a9a
SHA512

79680a6b17fd449d9d26d00186f496f18eb6e601b3035d30081022a0daa0d62e773ac14ad96c0df8b7dea988b5877c9ea442736f4a6bb80b6027830a836ca158
SSDEEP

3072:8K35ZY7nm9wDUfoTF4eiJILmThxOqoIdRs4O5KYTLi9nvGjiAtnltEyBW:897nm9IUfwb6ThdzuLiOlt

Score

8^/10

upx

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/1264-56-0x0000000000150000-0x000000000015D000-memory.dmp	upx
behavioral1/memory/1264-60-0x0000000000150000-0x000000000015D000-memory.dmp	upx
behavioral1/memory/1264-59-0x0000000000150000-0x000000000015D000-memory.dmp	upx

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1256 wrote to memory of 1264	1256	rundll32.exe	27
PID 1256 wrote to memory of 1264	1256	rundll32.exe	27
PID 1256 wrote to memory of 1264	1256	rundll32.exe	27
PID 1256 wrote to memory of 1264	1256	rundll32.exe	27
PID 1256 wrote to memory of 1264	1256	rundll32.exe	27
PID 1256 wrote to memory of 1264	1256	rundll32.exe	27
PID 1256 wrote to memory of 1264	1256	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\e9ea56af616c936be266d8654643412d07c3046fb6c7d2cfb8e09bb775005a9a.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1256
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\e9ea56af616c936be266d8654643412d07c3046fb6c7d2cfb8e09bb775005a9a.dll,#1
  2⤵
  PID:1264

memory/1264-55-0x0000000075C61000-0x0000000075C63000-memory.dmp

Filesize
8KB

Download
memory/1264-56-0x0000000000150000-0x000000000015D000-memory.dmp

Filesize
52KB

Download
memory/1264-60-0x0000000000150000-0x000000000015D000-memory.dmp

Filesize
52KB

Download
memory/1264-59-0x0000000000150000-0x000000000015D000-memory.dmp

Filesize
52KB

Download
memory/1264-61-0x0000000000140000-0x0000000000146000-memory.dmp

Filesize
24KB

Download
memory/1264-62-0x0000000000157000-0x000000000015C000-memory.dmp

Filesize
20KB

Download
memory/1264-63-0x0000000000151000-0x0000000000157000-memory.dmp

Filesize
24KB

Download