a90d8c30368a1ca19c509a891935e3d2ecdece789bbb8ea12ef144dde707c004

Analysis

max time kernel
26s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
29-11-2022 03:40

Target

a90d8c30368a1ca19c509a891935e3d2ecdece789bbb8ea12ef144dde707c004.dll
Size

50KB
MD5

696470ea522c1b5b20bf2312a3d95a70
SHA1

5ab0b049268c864494ac59e7f2f06b0672c76bfd
SHA256

a90d8c30368a1ca19c509a891935e3d2ecdece789bbb8ea12ef144dde707c004
SHA512

5aa458e782c85cb5709b7eb3ae3df4829bd01eec812e514cb0591668f9a59d8191318d52072a3d6aa9cfd1a1c568db45f976a373b269456493ece8e877d2cc2a
SSDEEP

768:26cTcjNp0oMrTo/Wxf38Mev0ZS6wBUSmlrCn1x3ipd+i6j0q1jkbSmObnz7MIdeN:23umoMtxmbDmlrI18Z6jdhmO7hdetNfZ

Score

8^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/1092-56-0x0000000010000000-0x000000001000D000-memory.dmp	upx

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1856 wrote to memory of 1092	1856	rundll32.exe	27
PID 1856 wrote to memory of 1092	1856	rundll32.exe	27
PID 1856 wrote to memory of 1092	1856	rundll32.exe	27
PID 1856 wrote to memory of 1092	1856	rundll32.exe	27
PID 1856 wrote to memory of 1092	1856	rundll32.exe	27
PID 1856 wrote to memory of 1092	1856	rundll32.exe	27
PID 1856 wrote to memory of 1092	1856	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\a90d8c30368a1ca19c509a891935e3d2ecdece789bbb8ea12ef144dde707c004.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1856
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\a90d8c30368a1ca19c509a891935e3d2ecdece789bbb8ea12ef144dde707c004.dll,#1
  2⤵
  PID:1092

memory/1092-55-0x0000000075E51000-0x0000000075E53000-memory.dmp

Filesize
8KB

Download
memory/1092-56-0x0000000010000000-0x000000001000D000-memory.dmp

Filesize
52KB

Download