c6f90e621ee11a60f96d74d07ca22d43467f6f71a51bd5226996ab8ff86ab996

Analysis

max time kernel
37s
max time network
44s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
30/10/2022, 07:46

Target

c6f90e621ee11a60f96d74d07ca22d43467f6f71a51bd5226996ab8ff86ab996.dll
Size

79KB
MD5

93353ce06791d05e79229d408acdef13
SHA1

83be628328312c00de32bceaaca8b8587dad7d41
SHA256

c6f90e621ee11a60f96d74d07ca22d43467f6f71a51bd5226996ab8ff86ab996
SHA512

69bdae2581a867bb60d5e01696c2f31fd7df69e46e2f5c544c42c76e233ff1ea252d565377fb5d97b2828ee433824e6b7cce2ff4d53a3a1abf291f4065dbcdb7
SSDEEP

1536:evCWSWkJ/gnBXgdz61EJPaw1JZbmjKINsI0jfs8rUqyrXbG:ESWUwkzJEDiI0bBgqyrLG

Score

8^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/1548-56-0x0000000010000000-0x000000001000C000-memory.dmp	upx

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1228 wrote to memory of 1548	1228	rundll32.exe	27
PID 1228 wrote to memory of 1548	1228	rundll32.exe	27
PID 1228 wrote to memory of 1548	1228	rundll32.exe	27
PID 1228 wrote to memory of 1548	1228	rundll32.exe	27
PID 1228 wrote to memory of 1548	1228	rundll32.exe	27
PID 1228 wrote to memory of 1548	1228	rundll32.exe	27
PID 1228 wrote to memory of 1548	1228	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\c6f90e621ee11a60f96d74d07ca22d43467f6f71a51bd5226996ab8ff86ab996.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1228
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\c6f90e621ee11a60f96d74d07ca22d43467f6f71a51bd5226996ab8ff86ab996.dll,#1
  2⤵
  PID:1548

memory/1548-55-0x0000000075561000-0x0000000075563000-memory.dmp

Filesize
8KB

Download
memory/1548-56-0x0000000010000000-0x000000001000C000-memory.dmp

Filesize
48KB

Download