3aef0b464b55cfb99b8811ed116c10c0a2d8e348e7373b75895175128864ec1a

Analysis

max time kernel
36s
max time network
42s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
23-11-2022 14:33

Target

3aef0b464b55cfb99b8811ed116c10c0a2d8e348e7373b75895175128864ec1a.dll
Size

100KB
MD5

fffa76d097f4e4b7ca6a48c55150fbfd
SHA1

73f16256c4facfbc37865441e9d2203ec0fd558a
SHA256

3aef0b464b55cfb99b8811ed116c10c0a2d8e348e7373b75895175128864ec1a
SHA512

9111899a8b367832693685dba326cca4ef208123f405d67aa08f59355a509b653c00f0ea6505759fcec2afb5afdd9e6d26667a8d49b4bbcfb3c19327f1fd9e11
SSDEEP

3072:sqo2eQKf/W9bkEWpL/wu8DWoVdIXOTmDqq:sqPeQKfu9bPWpLx/YIeNq

Score

8^/10

upx

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

Processes:

resource	yara_rule
behavioral1/memory/2004-56-0x0000000000200000-0x000000000020E000-memory.dmp	upx
behavioral1/memory/2004-59-0x0000000000200000-0x000000000020E000-memory.dmp	upx
behavioral1/memory/2004-60-0x0000000000200000-0x000000000020E000-memory.dmp	upx

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1608 wrote to memory of 2004	1608	rundll32.exe	rundll32.exe
PID 1608 wrote to memory of 2004	1608	rundll32.exe	rundll32.exe
PID 1608 wrote to memory of 2004	1608	rundll32.exe	rundll32.exe
PID 1608 wrote to memory of 2004	1608	rundll32.exe	rundll32.exe
PID 1608 wrote to memory of 2004	1608	rundll32.exe	rundll32.exe
PID 1608 wrote to memory of 2004	1608	rundll32.exe	rundll32.exe
PID 1608 wrote to memory of 2004	1608	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3aef0b464b55cfb99b8811ed116c10c0a2d8e348e7373b75895175128864ec1a.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1608
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\3aef0b464b55cfb99b8811ed116c10c0a2d8e348e7373b75895175128864ec1a.dll,#1
  2⤵
  PID:2004

memory/2004-54-0x0000000000000000-mapping.dmp

Download
memory/2004-55-0x0000000075A91000-0x0000000075A93000-memory.dmp

Filesize
8KB

Download
memory/2004-56-0x0000000000200000-0x000000000020E000-memory.dmp

Filesize
56KB

Download
memory/2004-59-0x0000000000200000-0x000000000020E000-memory.dmp

Filesize
56KB

Download
memory/2004-60-0x0000000000200000-0x000000000020E000-memory.dmp

Filesize
56KB

Download
memory/2004-61-0x00000000001F0000-0x00000000001F6000-memory.dmp

Filesize
24KB

Download
memory/2004-62-0x0000000000207000-0x000000000020D000-memory.dmp

Filesize
24KB

Download
memory/2004-63-0x0000000000201000-0x0000000000207000-memory.dmp

Filesize
24KB

Download