891b1674c1944eec6444846f3387fc3d93b6240104ad7813bca0d0642d465cad

Analysis

max time kernel
43s
max time network
47s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
30-10-2022 07:43

Target

891b1674c1944eec6444846f3387fc3d93b6240104ad7813bca0d0642d465cad.dll
Size

73KB
MD5

a2dbb634ca51ca67362958c837e88bdf
SHA1

893457f7148af7f4ca3bf6f605052d796782ce15
SHA256

891b1674c1944eec6444846f3387fc3d93b6240104ad7813bca0d0642d465cad
SHA512

a8e557f81bfad1429aae58742153b552f7ce95cdae91811782afda63bf445f465375087c2e7d785b36812ab5e2a865aa0a5f7c5f61b4963a49e5b285fe7b2b4d
SSDEEP

1536:dQ76ypVpWpIWsaKMZ8oxYhAdOeN8iZfwqsid1hZLk6xD:S75VHWnlDYhBZinsid3ZLkg

Score

8^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/2008-56-0x0000000010000000-0x000000001000E000-memory.dmp	upx

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 740 wrote to memory of 2008	740	rundll32.exe	27
PID 740 wrote to memory of 2008	740	rundll32.exe	27
PID 740 wrote to memory of 2008	740	rundll32.exe	27
PID 740 wrote to memory of 2008	740	rundll32.exe	27
PID 740 wrote to memory of 2008	740	rundll32.exe	27
PID 740 wrote to memory of 2008	740	rundll32.exe	27
PID 740 wrote to memory of 2008	740	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\891b1674c1944eec6444846f3387fc3d93b6240104ad7813bca0d0642d465cad.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:740
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\891b1674c1944eec6444846f3387fc3d93b6240104ad7813bca0d0642d465cad.dll,#1
  2⤵
  PID:2008

memory/2008-55-0x0000000075A81000-0x0000000075A83000-memory.dmp

Filesize
8KB

Download
memory/2008-56-0x0000000010000000-0x000000001000E000-memory.dmp

Filesize
56KB

Download