42c8a9229a75914532838be77bc4c771f8961f2ee05aa3d3806fd5589f1b18f3

Analysis

max time kernel
43s
max time network
48s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
02-12-2022 23:27

Target

42c8a9229a75914532838be77bc4c771f8961f2ee05aa3d3806fd5589f1b18f3.dll
Size

235KB
MD5

4c424bf4ab4d6b7bfba6a20e70fdaa90
SHA1

d4927962d23bdf470706af6e4c764aa75481c95c
SHA256

42c8a9229a75914532838be77bc4c771f8961f2ee05aa3d3806fd5589f1b18f3
SHA512

34772ffdb247c7aef754762fa08016a9adb7efd2192ffdd5a13cbe5244c65f5fc9beec1e50ddfdebb36e301fc33a3266f205f4462b98075e4dabafe6c964af43
SSDEEP

6144:BVqlChzF1DBXDdIv6yuCqQPM1CfMuXu4tf7:BjBXJ+YCpPM1lSf7

Score

8^/10

upx

Blocklisted process makes network request 1 IoCs

flow	pid	Process
2	2044	rundll32.exe

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/2044-56-0x0000000001C30000-0x0000000001CD8000-memory.dmp	upx

Drops file in Windows directory 1 IoCs

description	ioc	Process
File created	C:\WINDOWS\winhlpxp.dll	rundll32.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1184 wrote to memory of 2044	1184	rundll32.exe	27
PID 1184 wrote to memory of 2044	1184	rundll32.exe	27
PID 1184 wrote to memory of 2044	1184	rundll32.exe	27
PID 1184 wrote to memory of 2044	1184	rundll32.exe	27
PID 1184 wrote to memory of 2044	1184	rundll32.exe	27
PID 1184 wrote to memory of 2044	1184	rundll32.exe	27
PID 1184 wrote to memory of 2044	1184	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\42c8a9229a75914532838be77bc4c771f8961f2ee05aa3d3806fd5589f1b18f3.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1184
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\42c8a9229a75914532838be77bc4c771f8961f2ee05aa3d3806fd5589f1b18f3.dll,#1
  2⤵
  - Blocklisted process makes network request
  - Drops file in Windows directory
  PID:2044

memory/2044-54-0x0000000000000000-mapping.dmp

Download
memory/2044-55-0x0000000075A11000-0x0000000075A13000-memory.dmp

Filesize
8KB

Download
memory/2044-56-0x0000000001C30000-0x0000000001CD8000-memory.dmp

Filesize
672KB

Download