e3f2ce57d56b67d237d62154c7f3a5af191f74426850ea240e917c7c231a2dad

Analysis

max time kernel
41s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
01/12/2022, 16:37

Target

e3f2ce57d56b67d237d62154c7f3a5af191f74426850ea240e917c7c231a2dad.dll
Size

20KB
MD5

f0a0282b307c7183fa5b43b87c859e60
SHA1

13bbe754fa96178ffddf5bea6c291070c1ba8643
SHA256

e3f2ce57d56b67d237d62154c7f3a5af191f74426850ea240e917c7c231a2dad
SHA512

39e97c48999e8d350c937bdb433e00368ef15fa7e6b1d4df65bd0d9228d1c3767dcdc26e8b4306673bbba277f64f2a00e2916e13adcc78f520dbc272ecf7dcfa
SSDEEP

384:FwTlBZWt1GQ/4CBxrcGwMG1bBnl1mO29683wZy90DCZTjxYHGgjAKRaQHf3E:CLZWtr4kxpwL1bhbmOLSwZS+mgzR90

Score

8^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/1940-56-0x0000000010000000-0x0000000010012000-memory.dmp	upx

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1844 wrote to memory of 1940	1844	rundll32.exe	27
PID 1844 wrote to memory of 1940	1844	rundll32.exe	27
PID 1844 wrote to memory of 1940	1844	rundll32.exe	27
PID 1844 wrote to memory of 1940	1844	rundll32.exe	27
PID 1844 wrote to memory of 1940	1844	rundll32.exe	27
PID 1844 wrote to memory of 1940	1844	rundll32.exe	27
PID 1844 wrote to memory of 1940	1844	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\e3f2ce57d56b67d237d62154c7f3a5af191f74426850ea240e917c7c231a2dad.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1844
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\e3f2ce57d56b67d237d62154c7f3a5af191f74426850ea240e917c7c231a2dad.dll,#1
  2⤵
  PID:1940

memory/1940-55-0x0000000075B41000-0x0000000075B43000-memory.dmp

Filesize
8KB

Download
memory/1940-56-0x0000000010000000-0x0000000010012000-memory.dmp

Filesize
72KB

Download