0845a4e9b3509e6d367a4a26f1c65593ed9267a9e40beb7eaed8fcfdbe11ca83

Analysis

max time kernel
41s
max time network
44s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
29/11/2022, 11:03

Target

0845a4e9b3509e6d367a4a26f1c65593ed9267a9e40beb7eaed8fcfdbe11ca83.dll
Size

72KB
MD5

8dc42bc1d8dc8126ba976efe3ccdbaa0
SHA1

72500290b2ef25b98015a65c346aaa6033dbbfc8
SHA256

0845a4e9b3509e6d367a4a26f1c65593ed9267a9e40beb7eaed8fcfdbe11ca83
SHA512

d6cbaba4b2bc9be1a081861de3279f79ba3fc806ab67555132da8f4b124a6bce72ca411494d8b221551b9154632270d7dec99d5abf473041fba4ece826806e5d
SSDEEP

1536:QEzchvgvxVLF42ylLtcaALEz3BTyn4a0JDG/LN:QVYfO0/QpyR0JGzN

Score

8^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/1428-56-0x0000000010000000-0x000000001005F000-memory.dmp	upx

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1044 wrote to memory of 1428	1044	rundll32.exe	27
PID 1044 wrote to memory of 1428	1044	rundll32.exe	27
PID 1044 wrote to memory of 1428	1044	rundll32.exe	27
PID 1044 wrote to memory of 1428	1044	rundll32.exe	27
PID 1044 wrote to memory of 1428	1044	rundll32.exe	27
PID 1044 wrote to memory of 1428	1044	rundll32.exe	27
PID 1044 wrote to memory of 1428	1044	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\0845a4e9b3509e6d367a4a26f1c65593ed9267a9e40beb7eaed8fcfdbe11ca83.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1044
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\0845a4e9b3509e6d367a4a26f1c65593ed9267a9e40beb7eaed8fcfdbe11ca83.dll,#1
  2⤵
  PID:1428

memory/1428-55-0x0000000075071000-0x0000000075073000-memory.dmp

Filesize
8KB

Download
memory/1428-56-0x0000000010000000-0x000000001005F000-memory.dmp

Filesize
380KB

Download