95db69a1412bee76df8aa07708260ee32780e740501e75707a2ea202d86921ca

Analysis

max time kernel
48s
max time network
52s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
29/10/2022, 22:19

Target

95db69a1412bee76df8aa07708260ee32780e740501e75707a2ea202d86921ca.dll
Size

92KB
MD5

5d87cf08b052b9b3d435afa3d0d924b7
SHA1

97fa2cac1c001b5ffe45d5ba3a365e700b42ed59
SHA256

95db69a1412bee76df8aa07708260ee32780e740501e75707a2ea202d86921ca
SHA512

e4d9cdb4b8445626b875962b9f06768852303af82a8a0c31406dc7f78dd5ba8b151ff448af9dc69b3911be8954053bd80632d9fd8d2a4c17c6256d0914a544f8
SSDEEP

1536:fRmUebiRV0dM05N0nqx1WKkdmLBegV3ktXWzfoDXZ5S+D+kux:ZegVGZ6qgdmLx2xWzfoDJ5ZSx

Score

8^/10

upx

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/1260-56-0x0000000000150000-0x000000000015E000-memory.dmp	upx
behavioral1/memory/1260-59-0x0000000000150000-0x000000000015E000-memory.dmp	upx
behavioral1/memory/1260-60-0x0000000000150000-0x000000000015E000-memory.dmp	upx

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1364 wrote to memory of 1260	1364	rundll32.exe	26
PID 1364 wrote to memory of 1260	1364	rundll32.exe	26
PID 1364 wrote to memory of 1260	1364	rundll32.exe	26
PID 1364 wrote to memory of 1260	1364	rundll32.exe	26
PID 1364 wrote to memory of 1260	1364	rundll32.exe	26
PID 1364 wrote to memory of 1260	1364	rundll32.exe	26
PID 1364 wrote to memory of 1260	1364	rundll32.exe	26

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\95db69a1412bee76df8aa07708260ee32780e740501e75707a2ea202d86921ca.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1364
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\95db69a1412bee76df8aa07708260ee32780e740501e75707a2ea202d86921ca.dll,#1
  2⤵
  PID:1260

memory/1260-55-0x0000000075091000-0x0000000075093000-memory.dmp

Filesize
8KB

Download
memory/1260-56-0x0000000000150000-0x000000000015E000-memory.dmp

Filesize
56KB

Download
memory/1260-59-0x0000000000150000-0x000000000015E000-memory.dmp

Filesize
56KB

Download
memory/1260-60-0x0000000000150000-0x000000000015E000-memory.dmp

Filesize
56KB

Download
memory/1260-61-0x0000000000140000-0x0000000000148000-memory.dmp

Filesize
32KB

Download
memory/1260-62-0x0000000000157000-0x000000000015D000-memory.dmp

Filesize
24KB

Download
memory/1260-63-0x0000000000151000-0x0000000000157000-memory.dmp

Filesize
24KB

Download