260391ac0ba0277cd766f03e278f717c11ab2b217205497270b28f84be1847be

Analysis

max time kernel
32s
max time network
43s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
01-12-2022 05:32

Target

260391ac0ba0277cd766f03e278f717c11ab2b217205497270b28f84be1847be.dll
Size

196KB
MD5

c70df958be3a104a0772a82319defc40
SHA1

79789f903863b0896d4b5404400a6c7c25082758
SHA256

260391ac0ba0277cd766f03e278f717c11ab2b217205497270b28f84be1847be
SHA512

a73a6fe45affcc6446eb110c37fe538b17ccf6dc2b0944c0d76458608244cacfdf10f758510efca90dec5688de5f2030a4eef9b50f649dd812b33d2dadcacb69
SSDEEP

3072:AtgTLmA2ib0oU3lvczTXwdPKF3sh+ZzQqihgrCchPlygaTQw59wflh:VL92iVvzDwlRsZ0qTrC/LT7slh

Score

8^/10

upx

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/1940-56-0x00000000001A0000-0x00000000001AE000-memory.dmp	upx
behavioral1/memory/1940-60-0x00000000001A0000-0x00000000001AE000-memory.dmp	upx
behavioral1/memory/1940-59-0x00000000001A0000-0x00000000001AE000-memory.dmp	upx

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 900 wrote to memory of 1940	900	rundll32.exe	27
PID 900 wrote to memory of 1940	900	rundll32.exe	27
PID 900 wrote to memory of 1940	900	rundll32.exe	27
PID 900 wrote to memory of 1940	900	rundll32.exe	27
PID 900 wrote to memory of 1940	900	rundll32.exe	27
PID 900 wrote to memory of 1940	900	rundll32.exe	27
PID 900 wrote to memory of 1940	900	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\260391ac0ba0277cd766f03e278f717c11ab2b217205497270b28f84be1847be.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:900
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\260391ac0ba0277cd766f03e278f717c11ab2b217205497270b28f84be1847be.dll,#1
  2⤵
  PID:1940

memory/1940-54-0x0000000000000000-mapping.dmp

Download
memory/1940-55-0x0000000075C61000-0x0000000075C63000-memory.dmp

Filesize
8KB

Download
memory/1940-56-0x00000000001A0000-0x00000000001AE000-memory.dmp

Filesize
56KB

Download
memory/1940-60-0x00000000001A0000-0x00000000001AE000-memory.dmp

Filesize
56KB

Download
memory/1940-59-0x00000000001A0000-0x00000000001AE000-memory.dmp

Filesize
56KB

Download
memory/1940-61-0x00000000001A7000-0x00000000001AD000-memory.dmp

Filesize
24KB

Download
memory/1940-62-0x00000000001A1000-0x00000000001A7000-memory.dmp

Filesize
24KB

Download