3ee6adf4f5a790b42fac892477c80aa713d0df3016f2cfb9631d7b9f935ccae1

Analysis

max time kernel
43s
max time network
48s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
23-11-2022 14:31

Target

3ee6adf4f5a790b42fac892477c80aa713d0df3016f2cfb9631d7b9f935ccae1.dll
Size

88KB
MD5

5d73418c5e62214d4aa3dadf66f7ec1b
SHA1

499f3aa849a2ad07860ae20e168d5b8d1bc37a87
SHA256

3ee6adf4f5a790b42fac892477c80aa713d0df3016f2cfb9631d7b9f935ccae1
SHA512

66f5e7af6badc4da343f54886625a0ca480eb73636059255fd59fe97520e7f327e6aea72a7e87e9cec72ad196c2ae6de476bc79e9766916e691a73d4663c8a4a
SSDEEP

1536:25GGE6ySbQXI8MU12fuDKrsA7KWpb5wmDPSQVMS7NyGWulv:256JS80mpIyCM4Ui

Score

8^/10

upx

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

Processes:

resource	yara_rule
behavioral1/memory/876-56-0x0000000000130000-0x000000000013D000-memory.dmp	upx
behavioral1/memory/876-60-0x0000000000130000-0x000000000013D000-memory.dmp	upx
behavioral1/memory/876-59-0x0000000000130000-0x000000000013D000-memory.dmp	upx

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 584 wrote to memory of 876	584	rundll32.exe	rundll32.exe
PID 584 wrote to memory of 876	584	rundll32.exe	rundll32.exe
PID 584 wrote to memory of 876	584	rundll32.exe	rundll32.exe
PID 584 wrote to memory of 876	584	rundll32.exe	rundll32.exe
PID 584 wrote to memory of 876	584	rundll32.exe	rundll32.exe
PID 584 wrote to memory of 876	584	rundll32.exe	rundll32.exe
PID 584 wrote to memory of 876	584	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3ee6adf4f5a790b42fac892477c80aa713d0df3016f2cfb9631d7b9f935ccae1.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:584

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3ee6adf4f5a790b42fac892477c80aa713d0df3016f2cfb9631d7b9f935ccae1.dll,#1
2⤵
PID:876

memory/876-54-0x0000000000000000-mapping.dmp

Download
memory/876-55-0x0000000075B11000-0x0000000075B13000-memory.dmp

Filesize
8KB

Download
memory/876-56-0x0000000000130000-0x000000000013D000-memory.dmp

Filesize
52KB

Download
memory/876-60-0x0000000000130000-0x000000000013D000-memory.dmp

Filesize
52KB

Download
memory/876-59-0x0000000000130000-0x000000000013D000-memory.dmp

Filesize
52KB

Download
memory/876-61-0x0000000000120000-0x0000000000128000-memory.dmp

Filesize
32KB

Download
memory/876-62-0x0000000000136000-0x000000000013C000-memory.dmp

Filesize
24KB

Download
memory/876-63-0x0000000000131000-0x0000000000136000-memory.dmp

Filesize
20KB

Download