85c3daa83add4f2d6075a80270a65653ab7d129581b143ecfcacabd7ad8fe0b4

Analysis

max time kernel
22s
max time network
35s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
01/12/2022, 02:11 UTC

Target

85c3daa83add4f2d6075a80270a65653ab7d129581b143ecfcacabd7ad8fe0b4.dll
Size

58KB
MD5

78425bef258e703135799d3347970c0b
SHA1

6719ef432ca63c05e07abdc46703c3350fee86ab
SHA256

85c3daa83add4f2d6075a80270a65653ab7d129581b143ecfcacabd7ad8fe0b4
SHA512

5956271581769a9b5230211895b92dc1df234692622caebb31e1df80a344ff1867483c15c8b489b4b1d0c59e3115ebff76ca438b086b408d7c84a10f25a49186
SSDEEP

1536:V2bl7KanN5YHUQOo/ff12E8/rarc625x/Hd5nfQkBr:Wl7VgHUQOo/noE8zuVeTPBr

Score

8^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/960-56-0x0000000010000000-0x000000001000A000-memory.dmp	upx

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 564 wrote to memory of 960	564	rundll32.exe	28
PID 564 wrote to memory of 960	564	rundll32.exe	28
PID 564 wrote to memory of 960	564	rundll32.exe	28
PID 564 wrote to memory of 960	564	rundll32.exe	28
PID 564 wrote to memory of 960	564	rundll32.exe	28
PID 564 wrote to memory of 960	564	rundll32.exe	28
PID 564 wrote to memory of 960	564	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\85c3daa83add4f2d6075a80270a65653ab7d129581b143ecfcacabd7ad8fe0b4.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:564
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\85c3daa83add4f2d6075a80270a65653ab7d129581b143ecfcacabd7ad8fe0b4.dll,#1
  2⤵
  PID:960

memory/960-55-0x0000000075D01000-0x0000000075D03000-memory.dmp

Filesize
8KB

Download
memory/960-56-0x0000000010000000-0x000000001000A000-memory.dmp

Filesize
40KB

Download