20dfb614f546ac73aa0f7b8e1b05a22bcbf48677214cc9c2dd62669f7d2f13aa

Analysis

max time kernel
42s
max time network
45s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
28-11-2022 01:54

Target

20dfb614f546ac73aa0f7b8e1b05a22bcbf48677214cc9c2dd62669f7d2f13aa.dll
Size

39KB
MD5

85ef7c95e95d56e6aec0b6fee1a64678
SHA1

b1cd27f3b90b1360c748f856b99f2653671c39bf
SHA256

20dfb614f546ac73aa0f7b8e1b05a22bcbf48677214cc9c2dd62669f7d2f13aa
SHA512

22c54085b16c623f5f4f757bb0a32ee93934716263625138074a513d4c2093b61cebb4c2514b13a637e772dbd09ac5fdc310cb5d9cda1790deaf7533a731d1b7
SSDEEP

768:UjsEhZrg6jNs0C7L68Bwt8Ooxlg+5oBM30iTC1hfMdum3Yly7:kAS98Pg+R3hTMfMdumI

Score

8^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/1044-57-0x0000000074340000-0x00000000744EB000-memory.dmp	upx

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1688 wrote to memory of 1044	1688	rundll32.exe	27
PID 1688 wrote to memory of 1044	1688	rundll32.exe	27
PID 1688 wrote to memory of 1044	1688	rundll32.exe	27
PID 1688 wrote to memory of 1044	1688	rundll32.exe	27
PID 1688 wrote to memory of 1044	1688	rundll32.exe	27
PID 1688 wrote to memory of 1044	1688	rundll32.exe	27
PID 1688 wrote to memory of 1044	1688	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\20dfb614f546ac73aa0f7b8e1b05a22bcbf48677214cc9c2dd62669f7d2f13aa.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1688
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\20dfb614f546ac73aa0f7b8e1b05a22bcbf48677214cc9c2dd62669f7d2f13aa.dll,#1
  2⤵
  PID:1044

memory/1044-54-0x0000000000000000-mapping.dmp

Download
memory/1044-55-0x0000000075601000-0x0000000075603000-memory.dmp

Filesize
8KB

Download
memory/1044-56-0x00000000744F0000-0x000000007469B000-memory.dmp

Filesize
1.7MB

Download
memory/1044-57-0x0000000074340000-0x00000000744EB000-memory.dmp

Filesize
1.7MB

Download
memory/1044-58-0x00000000744F0000-0x00000000744FE000-memory.dmp

Filesize
56KB

Download