aaee50b9f81bae8fda1a5cb9357f545b223192775a174f97bea47f1065d974d2

Analysis

max time kernel
35s
max time network
41s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
29/11/2022, 03:31

Target

aaee50b9f81bae8fda1a5cb9357f545b223192775a174f97bea47f1065d974d2.dll
Size

116KB
MD5

a50488e150f48598bd516bfd38b34228
SHA1

842565427bd6aa7c2b4780d9bd429446d92c9091
SHA256

aaee50b9f81bae8fda1a5cb9357f545b223192775a174f97bea47f1065d974d2
SHA512

ef0b61b6f1bf53d880dfbe68df9c98196753d1101510deadac12d11291748c369200f8ef409d496f68e17febbd382e21faa5016bcb390c87b9d069f002eff006
SSDEEP

3072:xu3Zc6F5UQSvFwftpYglDcKjCCZaODOn:xu3Z5rU5vFItFlDV3a

Score

8^/10

upx

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/1880-56-0x0000000000180000-0x000000000018E000-memory.dmp	upx
behavioral1/memory/1880-60-0x0000000000180000-0x000000000018E000-memory.dmp	upx
behavioral1/memory/1880-59-0x0000000000180000-0x000000000018E000-memory.dmp	upx

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1976 wrote to memory of 1880	1976	rundll32.exe	26
PID 1976 wrote to memory of 1880	1976	rundll32.exe	26
PID 1976 wrote to memory of 1880	1976	rundll32.exe	26
PID 1976 wrote to memory of 1880	1976	rundll32.exe	26
PID 1976 wrote to memory of 1880	1976	rundll32.exe	26
PID 1976 wrote to memory of 1880	1976	rundll32.exe	26
PID 1976 wrote to memory of 1880	1976	rundll32.exe	26

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\aaee50b9f81bae8fda1a5cb9357f545b223192775a174f97bea47f1065d974d2.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1976
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\aaee50b9f81bae8fda1a5cb9357f545b223192775a174f97bea47f1065d974d2.dll,#1
  2⤵
  PID:1880

memory/1880-55-0x00000000762B1000-0x00000000762B3000-memory.dmp

Filesize
8KB

Download
memory/1880-56-0x0000000000180000-0x000000000018E000-memory.dmp

Filesize
56KB

Download
memory/1880-60-0x0000000000180000-0x000000000018E000-memory.dmp

Filesize
56KB

Download
memory/1880-59-0x0000000000180000-0x000000000018E000-memory.dmp

Filesize
56KB

Download
memory/1880-61-0x0000000000170000-0x0000000000176000-memory.dmp

Filesize
24KB

Download
memory/1880-62-0x0000000000187000-0x000000000018D000-memory.dmp

Filesize
24KB

Download
memory/1880-63-0x0000000000181000-0x0000000000187000-memory.dmp

Filesize
24KB

Download