addd864bbdedfcd53344b3c9a96c6e9b18b3e90e97ab1e21b2186c46bb2d089c

Analysis

max time kernel
39s
max time network
50s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
06-11-2022 16:14

Target

addd864bbdedfcd53344b3c9a96c6e9b18b3e90e97ab1e21b2186c46bb2d089c.dll
Size

16KB
MD5

06f544c15fd4e4a8d055405f8b621730
SHA1

9f8638ff65c583c3faa318d0bb5959cce4bcc69b
SHA256

addd864bbdedfcd53344b3c9a96c6e9b18b3e90e97ab1e21b2186c46bb2d089c
SHA512

23306a29dd933d652b619731aa9498283728bf95a6a9a9544efdcadabd2f8cf90426f8c25aa159ceda25fc9898ebab04a13ecfd349faed7d9a04e6bd50baa9cc
SSDEEP

384:Eg/9m7f9OzuPlMco4F5hAK8gAEOK4/vGzpSApj:KfAzBco0TAK8dEVSvGzzB

Score

8^/10

upx

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/1744-56-0x0000000010000000-0x000000001000F000-memory.dmp	upx
behavioral1/memory/1744-57-0x0000000010000000-0x000000001000F000-memory.dmp	upx

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1824 wrote to memory of 1744	1824	rundll32.exe	28
PID 1824 wrote to memory of 1744	1824	rundll32.exe	28
PID 1824 wrote to memory of 1744	1824	rundll32.exe	28
PID 1824 wrote to memory of 1744	1824	rundll32.exe	28
PID 1824 wrote to memory of 1744	1824	rundll32.exe	28
PID 1824 wrote to memory of 1744	1824	rundll32.exe	28
PID 1824 wrote to memory of 1744	1824	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\addd864bbdedfcd53344b3c9a96c6e9b18b3e90e97ab1e21b2186c46bb2d089c.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1824
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\addd864bbdedfcd53344b3c9a96c6e9b18b3e90e97ab1e21b2186c46bb2d089c.dll,#1
  2⤵
  PID:1744

memory/1744-54-0x0000000000000000-mapping.dmp

Download
memory/1744-55-0x0000000075281000-0x0000000075283000-memory.dmp

Filesize
8KB

Download
memory/1744-56-0x0000000010000000-0x000000001000F000-memory.dmp

Filesize
60KB

Download
memory/1744-57-0x0000000010000000-0x000000001000F000-memory.dmp

Filesize
60KB

Download