d000d34e6c05db44ca5c1d3b1c64083c73ce90fb430b4a4b74cf53b78547cd86

Analysis

max time kernel
39s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
06/11/2022, 16:14

Target

d000d34e6c05db44ca5c1d3b1c64083c73ce90fb430b4a4b74cf53b78547cd86.dll
Size

16KB
MD5

200151a380ff04b7a1614439b1ca2b20
SHA1

2b2ba4648a01fe9c05977057a98a3a4c704ed59e
SHA256

d000d34e6c05db44ca5c1d3b1c64083c73ce90fb430b4a4b74cf53b78547cd86
SHA512

34f64ff722eebd91064dc094618b005e34e2e60726bf9763f18bf54b331bf3a24e87e5d776eff438da38bf0b6117493e9b4f55a65605f8fa5936c5ad785b1e75
SSDEEP

384:Eg/9m7f9OzuPlMco4F5hAK8gAEOK4/vGzpSApt:KfAzBco0TAK8dEVSvGzzf

Score

8^/10

upx

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/2008-56-0x0000000010000000-0x000000001000F000-memory.dmp	upx
behavioral1/memory/2008-57-0x0000000010000000-0x000000001000F000-memory.dmp	upx

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 316 wrote to memory of 2008	316	rundll32.exe	27
PID 316 wrote to memory of 2008	316	rundll32.exe	27
PID 316 wrote to memory of 2008	316	rundll32.exe	27
PID 316 wrote to memory of 2008	316	rundll32.exe	27
PID 316 wrote to memory of 2008	316	rundll32.exe	27
PID 316 wrote to memory of 2008	316	rundll32.exe	27
PID 316 wrote to memory of 2008	316	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\d000d34e6c05db44ca5c1d3b1c64083c73ce90fb430b4a4b74cf53b78547cd86.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:316
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\d000d34e6c05db44ca5c1d3b1c64083c73ce90fb430b4a4b74cf53b78547cd86.dll,#1
  2⤵
  PID:2008

memory/2008-55-0x0000000076121000-0x0000000076123000-memory.dmp

Filesize
8KB

Download
memory/2008-56-0x0000000010000000-0x000000001000F000-memory.dmp

Filesize
60KB

Download
memory/2008-57-0x0000000010000000-0x000000001000F000-memory.dmp

Filesize
60KB

Download