99ebed691a77bfe8856037e14a8e4606e3a929ae2e8fb9463781cfe3568b070f

Analysis

max time kernel
39s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
20/10/2022, 09:59

Target

99ebed691a77bfe8856037e14a8e4606e3a929ae2e8fb9463781cfe3568b070f.dll
Size

14KB
MD5

7c53610584433dee340fec350cc27aa0
SHA1

dd21baafb5166a2b2b56f7f696f6e32bdcbac97b
SHA256

99ebed691a77bfe8856037e14a8e4606e3a929ae2e8fb9463781cfe3568b070f
SHA512

19a17e023c3b38f419f31afa66c09d1863af3d339ac4ed6a03b7dfb723bba3062f27559fe97fbfbd246425decc1462a44295e294f40184afa98499c2dc57ee39
SSDEEP

192:TJgXI9oKJT1NeooKwQYNbK04Z8uOrkTKxWYMJ20iXZmeCcocFG+qaNnjR5Y/sgS9:TJ6I9X1iQJ08tKlMJ20UZHQcUNa3

Score

8^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/1672-56-0x0000000023140000-0x000000002316F000-memory.dmp	upx

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1736 wrote to memory of 1672	1736	rundll32.exe	28
PID 1736 wrote to memory of 1672	1736	rundll32.exe	28
PID 1736 wrote to memory of 1672	1736	rundll32.exe	28
PID 1736 wrote to memory of 1672	1736	rundll32.exe	28
PID 1736 wrote to memory of 1672	1736	rundll32.exe	28
PID 1736 wrote to memory of 1672	1736	rundll32.exe	28
PID 1736 wrote to memory of 1672	1736	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\99ebed691a77bfe8856037e14a8e4606e3a929ae2e8fb9463781cfe3568b070f.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1736
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\99ebed691a77bfe8856037e14a8e4606e3a929ae2e8fb9463781cfe3568b070f.dll,#1
  2⤵
  PID:1672

memory/1672-55-0x0000000075DA1000-0x0000000075DA3000-memory.dmp

Filesize
8KB

Download
memory/1672-56-0x0000000023140000-0x000000002316F000-memory.dmp

Filesize
188KB

Download