0509fbbde3f0cd5c3bbb421280b58cab7a8088b1f18571ada52860caefdca551

Analysis

max time kernel
25s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
02/12/2022, 19:09

Target

0509fbbde3f0cd5c3bbb421280b58cab7a8088b1f18571ada52860caefdca551.dll
Size

42KB
MD5

16725fa12a74b32c238c23aa6fe9cc60
SHA1

95c2d2db70394c8f4822246d3fccb86dfe1b9760
SHA256

0509fbbde3f0cd5c3bbb421280b58cab7a8088b1f18571ada52860caefdca551
SHA512

eda21d24ef26fa3279ccc4a2d9c558defd885d104b18043573690d3a4ed9af8f4b60f258423bbdc10986f4b2c9c82b46422e2c42e9196da3163b1d8ad033f084
SSDEEP

768:0pUDhOS0BwePY4/rKEI2d3n/JByd8uRfmXXbSGBDmlf4Sosos9Oxixwgsc62hx:0WUHBppRnd3nM8uB+bVByt4Vsos9OcxT

Score

8^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/1120-56-0x0000000010000000-0x0000000010040000-memory.dmp	upx

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 884 wrote to memory of 1120	884	rundll32.exe	27
PID 884 wrote to memory of 1120	884	rundll32.exe	27
PID 884 wrote to memory of 1120	884	rundll32.exe	27
PID 884 wrote to memory of 1120	884	rundll32.exe	27
PID 884 wrote to memory of 1120	884	rundll32.exe	27
PID 884 wrote to memory of 1120	884	rundll32.exe	27
PID 884 wrote to memory of 1120	884	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\0509fbbde3f0cd5c3bbb421280b58cab7a8088b1f18571ada52860caefdca551.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:884
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\0509fbbde3f0cd5c3bbb421280b58cab7a8088b1f18571ada52860caefdca551.dll,#1
  2⤵
  PID:1120

memory/1120-55-0x0000000075DF1000-0x0000000075DF3000-memory.dmp

Filesize
8KB

Download
memory/1120-56-0x0000000010000000-0x0000000010040000-memory.dmp

Filesize
256KB

Download