04335744fe077e3a8268fa9cb947b8659a30e8da304705a072dddcb28e10cb2a

Analysis

max time kernel
43s
max time network
47s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
01/12/2022, 14:22

Target

04335744fe077e3a8268fa9cb947b8659a30e8da304705a072dddcb28e10cb2a.dll
Size

391KB
MD5

b267e7599b81711b1cde404810401a80
SHA1

10ad16db0b67fd05b8d149c50aa497df7a4f94fc
SHA256

04335744fe077e3a8268fa9cb947b8659a30e8da304705a072dddcb28e10cb2a
SHA512

4f30ffd75f5596342a3eb44321fec6d2bd4d08b09537070a6d6ed983ed4c8d7a11792a452a6a8b21cb43b505fe2231b04aea4fb7f20074f7dc8436d1e1c63c4d
SSDEEP

6144:RhqWkFqGNXYfwiGsj8VNA75eyVYAp5yi:RhqWkFHtbgey8

Score

8^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/1724-56-0x0000000010000000-0x0000000010064000-memory.dmp	upx

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1672 wrote to memory of 1724	1672	rundll32.exe	27
PID 1672 wrote to memory of 1724	1672	rundll32.exe	27
PID 1672 wrote to memory of 1724	1672	rundll32.exe	27
PID 1672 wrote to memory of 1724	1672	rundll32.exe	27
PID 1672 wrote to memory of 1724	1672	rundll32.exe	27
PID 1672 wrote to memory of 1724	1672	rundll32.exe	27
PID 1672 wrote to memory of 1724	1672	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\04335744fe077e3a8268fa9cb947b8659a30e8da304705a072dddcb28e10cb2a.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1672
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\04335744fe077e3a8268fa9cb947b8659a30e8da304705a072dddcb28e10cb2a.dll,#1
  2⤵
  PID:1724

memory/1724-55-0x0000000075111000-0x0000000075113000-memory.dmp

Filesize
8KB

Download
memory/1724-56-0x0000000010000000-0x0000000010064000-memory.dmp

Filesize
400KB

Download
memory/1724-57-0x00000000000C0000-0x00000000000C3000-memory.dmp

Filesize
12KB

Download