1d84a264d48d733f34da0177bd01370ecbe905be098b1ffb408a58cacb4221ff

Analysis

max time kernel
17s
max time network
31s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
01/12/2022, 06:23

Target

1d84a264d48d733f34da0177bd01370ecbe905be098b1ffb408a58cacb4221ff.dll
Size

112KB
MD5

c08446d7e783c2fc55f90411dea97a48
SHA1

4df1da4cd52e41eb003369423f49536f840faf67
SHA256

1d84a264d48d733f34da0177bd01370ecbe905be098b1ffb408a58cacb4221ff
SHA512

751b370176a2138dd6c55c67e4dba30ef87795cbac7971dab17e367b3a66b41883ca65a5b2690e6e6b93b779a23143d6d4ad97b1259aa349ac5570460f0c8f83
SSDEEP

1536:dUM0u5E5MkQiqniMzykNpNykXteBVSc6iepQjoSPXAIxpVT9i1B34aaY/POG:ddhhSqxTxtYVSc6LaXlpVE3l

Score

8^/10

upx

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/1228-56-0x00000000001D0000-0x00000000001DE000-memory.dmp	upx
behavioral1/memory/1228-60-0x00000000001D0000-0x00000000001DE000-memory.dmp	upx
behavioral1/memory/1228-59-0x00000000001D0000-0x00000000001DE000-memory.dmp	upx

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2044 wrote to memory of 1228	2044	rundll32.exe	28
PID 2044 wrote to memory of 1228	2044	rundll32.exe	28
PID 2044 wrote to memory of 1228	2044	rundll32.exe	28
PID 2044 wrote to memory of 1228	2044	rundll32.exe	28
PID 2044 wrote to memory of 1228	2044	rundll32.exe	28
PID 2044 wrote to memory of 1228	2044	rundll32.exe	28
PID 2044 wrote to memory of 1228	2044	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1d84a264d48d733f34da0177bd01370ecbe905be098b1ffb408a58cacb4221ff.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2044
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\1d84a264d48d733f34da0177bd01370ecbe905be098b1ffb408a58cacb4221ff.dll,#1
  2⤵
  PID:1228

memory/1228-55-0x00000000767F1000-0x00000000767F3000-memory.dmp

Filesize
8KB

Download
memory/1228-56-0x00000000001D0000-0x00000000001DE000-memory.dmp

Filesize
56KB

Download
memory/1228-60-0x00000000001D0000-0x00000000001DE000-memory.dmp

Filesize
56KB

Download
memory/1228-59-0x00000000001D0000-0x00000000001DE000-memory.dmp

Filesize
56KB

Download
memory/1228-61-0x00000000001C0000-0x00000000001C8000-memory.dmp

Filesize
32KB

Download
memory/1228-62-0x00000000001D7000-0x00000000001DD000-memory.dmp

Filesize
24KB

Download
memory/1228-63-0x00000000001D1000-0x00000000001D7000-memory.dmp

Filesize
24KB

Download
memory/1228-64-0x00000000001D7000-0x00000000001DD000-memory.dmp

Filesize
24KB

Download
memory/1228-65-0x00000000001D1000-0x00000000001D7000-memory.dmp

Filesize
24KB

Download