Overview

overview

9

Static

static

9

d66ab45cb6...83.dll

windows7-x64

8

d66ab45cb6...83.dll

windows10-2004-x64

8

Analysis

  • max time kernel
    33s
  • max time network
    42s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    29/11/2022, 06:14

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    d66ab45cb61154f6d47aa8dc3a94e1697707216ec9e9de1b0143e74bf4bb0883.dll

  • Size

    16KB

  • MD5

    1c8f4513d7997367f124a0e72e0d94d0

  • SHA1

    e9d364ff49abf64e1b71c28e1259b098f18ff054

  • SHA256

    d66ab45cb61154f6d47aa8dc3a94e1697707216ec9e9de1b0143e74bf4bb0883

  • SHA512

    ca18431ed70aedf8dc0df7c54d708a66f0dd8d56feebbedd812f3ff62c84f70c2cff0da5106c2fc7463e0e7ad12f1e5b83572eaa98ed1acc7a2fd12959f36d6b

  • SSDEEP

    384:Eg/9m7f9OzuPlMco4F5hAK8gAEOK4/vGzpSApy:KfAzBco0TAK8dEVSvGzzA

Score
8/10
upx

Malware Config

Signatures

  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\d66ab45cb61154f6d47aa8dc3a94e1697707216ec9e9de1b0143e74bf4bb0883.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1672
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\d66ab45cb61154f6d47aa8dc3a94e1697707216ec9e9de1b0143e74bf4bb0883.dll,#1
      2⤵
        PID:1644

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/1644-55-0x0000000075BD1000-0x0000000075BD3000-memory.dmp

      Filesize

      8KB

      Download

    • memory/1644-56-0x0000000010000000-0x000000001000F000-memory.dmp

      Filesize

      60KB

      Download

    • memory/1644-57-0x0000000010000000-0x000000001000F000-memory.dmp

      Filesize

      60KB

      Download