4dca508ff674daa91ea289ecefea9eae2261ec30bb043e6d4b74e2401a146a0d

Analysis

max time kernel
246s
max time network
333s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
23-11-2022 09:05

Target

4dca508ff674daa91ea289ecefea9eae2261ec30bb043e6d4b74e2401a146a0d.dll
Size

148KB
MD5

cf2cb0485dd5a47a6d5c25d113a85b8a
SHA1

91b8d29e6f1d4a9ba30fd0380219e4691d370f86
SHA256

4dca508ff674daa91ea289ecefea9eae2261ec30bb043e6d4b74e2401a146a0d
SHA512

0c4f798925b5b62965a2a81d11a40c0603a1e06167e2001947d959cfac774142b80300e72814fda15ba7fbc8d3adaa820899f7898b41d4f9f84cdf9cbe1daaa6
SSDEEP

3072:p9fHLmO0aChdcOXX9KMPkBhiQsiBs2mDynZeAS94iYk2lR8Z:/TmO0LhJX2BhOiB23r9fQ

Score

8^/10

upx

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

Processes:

resource	yara_rule
behavioral1/memory/544-56-0x00000000000E0000-0x00000000000ED000-memory.dmp	upx
behavioral1/memory/544-60-0x00000000000E0000-0x00000000000ED000-memory.dmp	upx
behavioral1/memory/544-59-0x00000000000E0000-0x00000000000ED000-memory.dmp	upx

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 652 wrote to memory of 544	652	rundll32.exe	rundll32.exe
PID 652 wrote to memory of 544	652	rundll32.exe	rundll32.exe
PID 652 wrote to memory of 544	652	rundll32.exe	rundll32.exe
PID 652 wrote to memory of 544	652	rundll32.exe	rundll32.exe
PID 652 wrote to memory of 544	652	rundll32.exe	rundll32.exe
PID 652 wrote to memory of 544	652	rundll32.exe	rundll32.exe
PID 652 wrote to memory of 544	652	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\4dca508ff674daa91ea289ecefea9eae2261ec30bb043e6d4b74e2401a146a0d.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:652

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\4dca508ff674daa91ea289ecefea9eae2261ec30bb043e6d4b74e2401a146a0d.dll,#1
2⤵
PID:544

memory/544-54-0x0000000000000000-mapping.dmp

Download
memory/544-55-0x0000000075531000-0x0000000075533000-memory.dmp

Filesize
8KB

Download
memory/544-56-0x00000000000E0000-0x00000000000ED000-memory.dmp

Filesize
52KB

Download
memory/544-60-0x00000000000E0000-0x00000000000ED000-memory.dmp

Filesize
52KB

Download
memory/544-59-0x00000000000E0000-0x00000000000ED000-memory.dmp

Filesize
52KB

Download
memory/544-62-0x00000000000E1000-0x00000000000E6000-memory.dmp

Filesize
20KB

Download
memory/544-61-0x00000000000E6000-0x00000000000EC000-memory.dmp

Filesize
24KB

Download