5dca099eaa9d1d823121414d669380ac69f97af4382e71ca7367a7480bfc9d8c

Analysis

max time kernel
45s
max time network
49s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
20/10/2022, 16:33

Target

5dca099eaa9d1d823121414d669380ac69f97af4382e71ca7367a7480bfc9d8c.dll
Size

65KB
MD5

96eb58210dfcfa7bd3d74deb2369c600
SHA1

cdc118a290ddc9951c4f552bf9d9afa1398405bc
SHA256

5dca099eaa9d1d823121414d669380ac69f97af4382e71ca7367a7480bfc9d8c
SHA512

630d7fdca1cc4510051b5983f9c12cdb9c511e0d290a0b9bdc729033aae53fd4e1f5dfab2425b572e9005745e4a84ea18b24741fdbe6a954a5135f60df4db877
SSDEEP

1536:K3lut2L47vQkODCES8wFmasu6pqd5O7+vuQhwo:QluSeQkODCEDWm+urfYx

Score

8^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/1696-56-0x0000000010000000-0x000000001004E000-memory.dmp	upx

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 852 wrote to memory of 1696	852	rundll32.exe	27
PID 852 wrote to memory of 1696	852	rundll32.exe	27
PID 852 wrote to memory of 1696	852	rundll32.exe	27
PID 852 wrote to memory of 1696	852	rundll32.exe	27
PID 852 wrote to memory of 1696	852	rundll32.exe	27
PID 852 wrote to memory of 1696	852	rundll32.exe	27
PID 852 wrote to memory of 1696	852	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\5dca099eaa9d1d823121414d669380ac69f97af4382e71ca7367a7480bfc9d8c.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:852
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\5dca099eaa9d1d823121414d669380ac69f97af4382e71ca7367a7480bfc9d8c.dll,#1
  2⤵
  PID:1696

memory/1696-55-0x0000000074E41000-0x0000000074E43000-memory.dmp

Filesize
8KB

Download
memory/1696-56-0x0000000010000000-0x000000001004E000-memory.dmp

Filesize
312KB

Download