bafe9a79ab0031e8a907543ce999d7e871cc0c9d009af94d17a8a4679a1e7b8b

Analysis

max time kernel
44s
max time network
49s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
01/12/2022, 18:43

Target

bafe9a79ab0031e8a907543ce999d7e871cc0c9d009af94d17a8a4679a1e7b8b.dll
Size

1.1MB
MD5

df00e6040b489e6bd1b14c18e6ea6787
SHA1

7f17bf9a6a0970e2ddcd8294ece69dd4e679d57f
SHA256

bafe9a79ab0031e8a907543ce999d7e871cc0c9d009af94d17a8a4679a1e7b8b
SHA512

4b01d7cfe8a6e828570b75182823fc31b29a021cdf0714fbc6890348456e54569e7e62eb4e4b6d9d876b0ba0bd6b432a3226191ef87bfa3632c05d453ca5584e
SSDEEP

24576:kDgDgDgDgDgDgDgDgDgDgDgDgDgDgDgDgDgDgD7DDDDDDDDDDDDDDDDDDDDDDDDD:Ycccccccccccccccccc7DDDDDDDDDDDn

Score

8^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/2016-56-0x0000000010000000-0x0000000010016000-memory.dmp	upx

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2032 wrote to memory of 2016	2032	rundll32.exe	27
PID 2032 wrote to memory of 2016	2032	rundll32.exe	27
PID 2032 wrote to memory of 2016	2032	rundll32.exe	27
PID 2032 wrote to memory of 2016	2032	rundll32.exe	27
PID 2032 wrote to memory of 2016	2032	rundll32.exe	27
PID 2032 wrote to memory of 2016	2032	rundll32.exe	27
PID 2032 wrote to memory of 2016	2032	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\bafe9a79ab0031e8a907543ce999d7e871cc0c9d009af94d17a8a4679a1e7b8b.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2032
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\bafe9a79ab0031e8a907543ce999d7e871cc0c9d009af94d17a8a4679a1e7b8b.dll,#1
  2⤵
  PID:2016

memory/2016-55-0x00000000766D1000-0x00000000766D3000-memory.dmp

Filesize
8KB

Download
memory/2016-56-0x0000000010000000-0x0000000010016000-memory.dmp

Filesize
88KB

Download