796fbf4cb3d2778acb7d2641b584c533987d243df89aee9df97df6b703575aa5

Analysis

max time kernel
32s
max time network
42s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
29-11-2022 14:34

Target

796fbf4cb3d2778acb7d2641b584c533987d243df89aee9df97df6b703575aa5.dll
Size

137KB
MD5

4b1848eb95d02a0b58811b1a21471e40
SHA1

5155600c20c78c314756d6d849523109e1abf586
SHA256

796fbf4cb3d2778acb7d2641b584c533987d243df89aee9df97df6b703575aa5
SHA512

36f495c994406747dd800e0b81c40f2fa453b6a18572e1b081b9dd01aed714e4768fed2cbe819e28069dee0d262167177bd130100b04623f9ef79caf7b4a4ad5
SSDEEP

3072:6niXS4Rz+mbvUif3yRauPxshFUf8W9tr:TnYLiuauPxsRYt

Score

8^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/1892-57-0x0000000074BC0000-0x0000000074BE5000-memory.dmp	upx

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1160 wrote to memory of 1892	1160	rundll32.exe	26
PID 1160 wrote to memory of 1892	1160	rundll32.exe	26
PID 1160 wrote to memory of 1892	1160	rundll32.exe	26
PID 1160 wrote to memory of 1892	1160	rundll32.exe	26
PID 1160 wrote to memory of 1892	1160	rundll32.exe	26
PID 1160 wrote to memory of 1892	1160	rundll32.exe	26
PID 1160 wrote to memory of 1892	1160	rundll32.exe	26

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\796fbf4cb3d2778acb7d2641b584c533987d243df89aee9df97df6b703575aa5.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1160
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\796fbf4cb3d2778acb7d2641b584c533987d243df89aee9df97df6b703575aa5.dll,#1
  2⤵
  PID:1892

memory/1892-54-0x0000000000000000-mapping.dmp

Download
memory/1892-55-0x0000000075A91000-0x0000000075A93000-memory.dmp

Filesize
8KB

Download
memory/1892-56-0x0000000074BF0000-0x0000000074C15000-memory.dmp

Filesize
148KB

Download
memory/1892-57-0x0000000074BC0000-0x0000000074BE5000-memory.dmp

Filesize
148KB

Download
memory/1892-58-0x0000000074BF0000-0x0000000074C15000-memory.dmp

Filesize
148KB

Download
memory/1892-59-0x0000000074BC0000-0x0000000074BE5000-memory.dmp

Filesize
148KB

Download