c97f1b5135d7b95fdc67f9ea8b94ccb7664ab8fe0b9677ceeb03b326cf966312

Analysis

max time kernel
41s
max time network
45s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
01/12/2022, 17:46

Target

c97f1b5135d7b95fdc67f9ea8b94ccb7664ab8fe0b9677ceeb03b326cf966312.dll
Size

73KB
MD5

1a9ae4a85e28b5cbd5be36817177c2c1
SHA1

ea6fecd2d717556f5ba35e4de8bc80626eabd7c5
SHA256

c97f1b5135d7b95fdc67f9ea8b94ccb7664ab8fe0b9677ceeb03b326cf966312
SHA512

3c9841de58a58fd605e890cdbf736e4135e6bc16b4b4a562405e881e7854666a30e0b5633674e4a79cbe2fea278c4bdd0c506b0973209294820acbc516ba9ad7
SSDEEP

1536:sShobM6pi2gcMt5K1JE8O6LIksBco+s3HC:LogogRt5K1THjwfvHC

Score

8^/10

upx

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/1668-56-0x00000000000C0000-0x00000000000CE000-memory.dmp	upx
behavioral1/memory/1668-60-0x00000000000C0000-0x00000000000CE000-memory.dmp	upx
behavioral1/memory/1668-59-0x00000000000C0000-0x00000000000CE000-memory.dmp	upx

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 692 wrote to memory of 1668	692	rundll32.exe	27
PID 692 wrote to memory of 1668	692	rundll32.exe	27
PID 692 wrote to memory of 1668	692	rundll32.exe	27
PID 692 wrote to memory of 1668	692	rundll32.exe	27
PID 692 wrote to memory of 1668	692	rundll32.exe	27
PID 692 wrote to memory of 1668	692	rundll32.exe	27
PID 692 wrote to memory of 1668	692	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\c97f1b5135d7b95fdc67f9ea8b94ccb7664ab8fe0b9677ceeb03b326cf966312.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:692
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\c97f1b5135d7b95fdc67f9ea8b94ccb7664ab8fe0b9677ceeb03b326cf966312.dll,#1
  2⤵
  PID:1668

memory/1668-55-0x0000000075601000-0x0000000075603000-memory.dmp

Filesize
8KB

Download
memory/1668-56-0x00000000000C0000-0x00000000000CE000-memory.dmp

Filesize
56KB

Download
memory/1668-60-0x00000000000C0000-0x00000000000CE000-memory.dmp

Filesize
56KB

Download
memory/1668-59-0x00000000000C0000-0x00000000000CE000-memory.dmp

Filesize
56KB

Download
memory/1668-61-0x00000000000B0000-0x00000000000B6000-memory.dmp

Filesize
24KB

Download
memory/1668-62-0x00000000000C7000-0x00000000000CD000-memory.dmp

Filesize
24KB

Download
memory/1668-63-0x00000000000C1000-0x00000000000C7000-memory.dmp

Filesize
24KB

Download