eac1b9a43607c887e53cc73295d158403ebf909f0e737127fa070c88fb727e5a

Analysis

max time kernel
3s
max time network
31s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
03/12/2022, 11:16

Target

eac1b9a43607c887e53cc73295d158403ebf909f0e737127fa070c88fb727e5a.dll
Size

16KB
MD5

bb60cb1009b0795a1066eeebe1dc00e0
SHA1

0ac5608cdfc542869cb48a151c201e65e1b1c7e0
SHA256

eac1b9a43607c887e53cc73295d158403ebf909f0e737127fa070c88fb727e5a
SHA512

61dcf15c5fb686969bd1cf054031eff58bb685ed0ef0e70209a77a27978c4ff02e1197a7a8a252daa7cdefafb77b6852a08bbadc3012fab08c0fb8e676a8c016
SSDEEP

384:Eg/9m7f9OzuPlMco4F5hAK8gAEOK4/vGzpSAps:KfAzBco0TAK8dEVSvGzzW

Score

8^/10

upx

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/1128-56-0x0000000010000000-0x000000001000F000-memory.dmp	upx
behavioral1/memory/1128-57-0x0000000010000000-0x000000001000F000-memory.dmp	upx

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1312 wrote to memory of 1128	1312	rundll32.exe	28
PID 1312 wrote to memory of 1128	1312	rundll32.exe	28
PID 1312 wrote to memory of 1128	1312	rundll32.exe	28
PID 1312 wrote to memory of 1128	1312	rundll32.exe	28
PID 1312 wrote to memory of 1128	1312	rundll32.exe	28
PID 1312 wrote to memory of 1128	1312	rundll32.exe	28
PID 1312 wrote to memory of 1128	1312	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\eac1b9a43607c887e53cc73295d158403ebf909f0e737127fa070c88fb727e5a.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1312
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\eac1b9a43607c887e53cc73295d158403ebf909f0e737127fa070c88fb727e5a.dll,#1
  2⤵
  PID:1128

memory/1128-55-0x0000000075BA1000-0x0000000075BA3000-memory.dmp

Filesize
8KB

Download
memory/1128-56-0x0000000010000000-0x000000001000F000-memory.dmp

Filesize
60KB

Download
memory/1128-57-0x0000000010000000-0x000000001000F000-memory.dmp

Filesize
60KB

Download