ab9b7bb7a5028317022f95ac602c1d474c0b88a9b423aa9224e500f1a420bb5f

Analysis

max time kernel
27s
max time network
32s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
27/11/2022, 07:28

Target

ab9b7bb7a5028317022f95ac602c1d474c0b88a9b423aa9224e500f1a420bb5f.dll
Size

52KB
MD5

ff7da58a71b78c642d0ee95133e57a39
SHA1

3ce7dc9b8689946a8aff900b767a3e46411acd24
SHA256

ab9b7bb7a5028317022f95ac602c1d474c0b88a9b423aa9224e500f1a420bb5f
SHA512

8c5f40813dad591d4a9babbd3eac0621808c97edbbf6af8d2b03d831fa56eb154c27acecf5ced03d32d88d40230c0e9781cbd2b9cb76a49e95a806f9590bc7ac
SSDEEP

768:XxDKZUrdq0vNVwlUM2RQCHHBSIdaZt77fKG4bMqFuI+E+7C7iMrQityILtlmXV+v:AZU0lW98ZtJ7C7iM04ln

Score

8^/10

upx

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/2036-56-0x00000000000B0000-0x00000000000C0000-memory.dmp	upx
behavioral1/memory/2036-57-0x00000000000B0000-0x00000000000C0000-memory.dmp	upx
behavioral1/memory/2036-58-0x00000000000B0000-0x00000000000C0000-memory.dmp	upx

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2024 wrote to memory of 2036	2024	rundll32.exe	28
PID 2024 wrote to memory of 2036	2024	rundll32.exe	28
PID 2024 wrote to memory of 2036	2024	rundll32.exe	28
PID 2024 wrote to memory of 2036	2024	rundll32.exe	28
PID 2024 wrote to memory of 2036	2024	rundll32.exe	28
PID 2024 wrote to memory of 2036	2024	rundll32.exe	28
PID 2024 wrote to memory of 2036	2024	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ab9b7bb7a5028317022f95ac602c1d474c0b88a9b423aa9224e500f1a420bb5f.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2024
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\ab9b7bb7a5028317022f95ac602c1d474c0b88a9b423aa9224e500f1a420bb5f.dll,#1
  2⤵
  PID:2036

memory/2036-55-0x0000000075511000-0x0000000075513000-memory.dmp

Filesize
8KB

Download
memory/2036-56-0x00000000000B0000-0x00000000000C0000-memory.dmp

Filesize
64KB

Download
memory/2036-57-0x00000000000B0000-0x00000000000C0000-memory.dmp

Filesize
64KB

Download
memory/2036-58-0x00000000000B0000-0x00000000000C0000-memory.dmp

Filesize
64KB

Download