b4a1e371fd75c1d9f98132b4995bd563420ae6cb255a1937f6719dc99c441365

Analysis

max time kernel
38s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
03/12/2022, 03:17

Target

b4a1e371fd75c1d9f98132b4995bd563420ae6cb255a1937f6719dc99c441365.dll
Size

72KB
MD5

5c5a86f9fe16c933e1e774725ee56f59
SHA1

db707ebe7ac5e10ac6c0d610ef8195e1270fe250
SHA256

b4a1e371fd75c1d9f98132b4995bd563420ae6cb255a1937f6719dc99c441365
SHA512

076eb872358d7ecd544e3b5955bf1b206a00b6a25f6110d090739a5d9e62c69cf1b7fb5adeb17b0c2cc3064b70e60d7aaf4247524f271ae2dfaf21ee483d52b4
SSDEEP

1536:4sKXE0ySs/B5uKIjUEEfYOMOfVZlUApUZ2Bg3d:NWMBJIQEv5Sl5pK2Bg3d

Score

8^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/1920-56-0x0000000010000000-0x000000001000D000-memory.dmp	upx

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 304 wrote to memory of 1920	304	rundll32.exe	27
PID 304 wrote to memory of 1920	304	rundll32.exe	27
PID 304 wrote to memory of 1920	304	rundll32.exe	27
PID 304 wrote to memory of 1920	304	rundll32.exe	27
PID 304 wrote to memory of 1920	304	rundll32.exe	27
PID 304 wrote to memory of 1920	304	rundll32.exe	27
PID 304 wrote to memory of 1920	304	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\b4a1e371fd75c1d9f98132b4995bd563420ae6cb255a1937f6719dc99c441365.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:304
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\b4a1e371fd75c1d9f98132b4995bd563420ae6cb255a1937f6719dc99c441365.dll,#1
  2⤵
  PID:1920

memory/1920-55-0x0000000076121000-0x0000000076123000-memory.dmp

Filesize
8KB

Download
memory/1920-56-0x0000000010000000-0x000000001000D000-memory.dmp

Filesize
52KB

Download
memory/1920-57-0x0000000010000000-0x000000001000D000-memory.dmp

Filesize
52KB

Download
memory/1920-58-0x0000000010000000-0x000000001000D000-memory.dmp

Filesize
52KB

Download