f44329e97af16fe990c43ebc95a8a555271455e2a1a176f29cd6ff2983f04dc3

Analysis

max time kernel
46s
max time network
52s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
07/11/2022, 05:15

Target

f44329e97af16fe990c43ebc95a8a555271455e2a1a176f29cd6ff2983f04dc3.dll
Size

53KB
MD5

06427e65cf8b6f3571acf7f03dda9884
SHA1

198653d258d946aca56b8f719c7790fbac1647ae
SHA256

f44329e97af16fe990c43ebc95a8a555271455e2a1a176f29cd6ff2983f04dc3
SHA512

69d0e330528dcd9b3ebecb347d1bda2c6cdf2c32bc406c19d16fcb6370d88c837b21e6aae2ebaa493b26d13a3da38b296e8828fe9c0b6dc6741e31294dedf314
SSDEEP

1536:d6aHSNmlAP/FwkcnNpirWmXdB7KdCxFipW:UaimlA3FMWDHKdCxFig

Score

8^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/988-56-0x0000000010000000-0x000000001004D000-memory.dmp	upx

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 948 wrote to memory of 988	948	rundll32.exe	27
PID 948 wrote to memory of 988	948	rundll32.exe	27
PID 948 wrote to memory of 988	948	rundll32.exe	27
PID 948 wrote to memory of 988	948	rundll32.exe	27
PID 948 wrote to memory of 988	948	rundll32.exe	27
PID 948 wrote to memory of 988	948	rundll32.exe	27
PID 948 wrote to memory of 988	948	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\f44329e97af16fe990c43ebc95a8a555271455e2a1a176f29cd6ff2983f04dc3.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:948
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\f44329e97af16fe990c43ebc95a8a555271455e2a1a176f29cd6ff2983f04dc3.dll,#1
  2⤵
  PID:988

memory/988-55-0x0000000076961000-0x0000000076963000-memory.dmp

Filesize
8KB

Download
memory/988-56-0x0000000010000000-0x000000001004D000-memory.dmp

Filesize
308KB

Download