93591820820d679a0e5ba192385291fd16f1907c003438a772b48d66b51668c1

Analysis

max time kernel
41s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
01/12/2022, 01:08

Target

93591820820d679a0e5ba192385291fd16f1907c003438a772b48d66b51668c1.dll
Size

136KB
MD5

9de2cbc7211ca34ec78d1ddb07240140
SHA1

af6b6323f755fb1c3f6b41b256b613a2ce9af82c
SHA256

93591820820d679a0e5ba192385291fd16f1907c003438a772b48d66b51668c1
SHA512

79ee4f41cd293574c40c06de6faf03292f7560ed1e008df14f563fd4fccaf281068ed19efd8ee61cbfdc5dc469a1823e0513129d69d45527b2abfa000f23e421
SSDEEP

3072:roAXC+cLD0oz1AMEnQjUxoEg9GhYuhpoqKlNNi:ByDLD0m9EnQYCEg9G8PE

Score

8^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/872-56-0x000000007EE00000-0x000000007EE38000-memory.dmp	upx

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 108 wrote to memory of 872	108	rundll32.exe	27
PID 108 wrote to memory of 872	108	rundll32.exe	27
PID 108 wrote to memory of 872	108	rundll32.exe	27
PID 108 wrote to memory of 872	108	rundll32.exe	27
PID 108 wrote to memory of 872	108	rundll32.exe	27
PID 108 wrote to memory of 872	108	rundll32.exe	27
PID 108 wrote to memory of 872	108	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\93591820820d679a0e5ba192385291fd16f1907c003438a772b48d66b51668c1.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:108
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\93591820820d679a0e5ba192385291fd16f1907c003438a772b48d66b51668c1.dll,#1
  2⤵
  PID:872

memory/872-55-0x0000000075B41000-0x0000000075B43000-memory.dmp

Filesize
8KB

Download
memory/872-56-0x000000007EE00000-0x000000007EE38000-memory.dmp

Filesize
224KB

Download