6ef970957acb177d96c37ae034db85d472c640fc4323dfdb4cce72566ba34e8d

Analysis

max time kernel
15s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
01/12/2022, 07:46

Target

6ef970957acb177d96c37ae034db85d472c640fc4323dfdb4cce72566ba34e8d.dll
Size

172KB
MD5

2ab3fb43e1d5a816691849131be8f520
SHA1

1bafc8a538f87df10bc52beabbcb685c4a685c3a
SHA256

6ef970957acb177d96c37ae034db85d472c640fc4323dfdb4cce72566ba34e8d
SHA512

e6b16aac99caf6047b83ee8be0d9885338dde0a7979c3282e8ac72a4b61fd83aba5d606d1f759f921b71cfa457415487c603778ac633f6a61417d276babf27b5
SSDEEP

3072:bWQu8DJh4+DzaHY09G7Jqx+ljDziJmR6GLOAuaAyh3k9e38VxJjQ1I9cGooBGIZm:bWQumJbC401c5yJmBPukhQBx+1ujoSGo

Score

8^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/1348-56-0x0000000010000000-0x0000000010087000-memory.dmp	upx

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1640 wrote to memory of 1348	1640	rundll32.exe	27
PID 1640 wrote to memory of 1348	1640	rundll32.exe	27
PID 1640 wrote to memory of 1348	1640	rundll32.exe	27
PID 1640 wrote to memory of 1348	1640	rundll32.exe	27
PID 1640 wrote to memory of 1348	1640	rundll32.exe	27
PID 1640 wrote to memory of 1348	1640	rundll32.exe	27
PID 1640 wrote to memory of 1348	1640	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\6ef970957acb177d96c37ae034db85d472c640fc4323dfdb4cce72566ba34e8d.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1640
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\6ef970957acb177d96c37ae034db85d472c640fc4323dfdb4cce72566ba34e8d.dll,#1
  2⤵
  PID:1348

memory/1348-55-0x0000000075071000-0x0000000075073000-memory.dmp

Filesize
8KB

Download
memory/1348-56-0x0000000010000000-0x0000000010087000-memory.dmp

Filesize
540KB

Download