97913b0cb347c72f8c74d6edf1a7ff7fe03d25774e74ded4ed89c8b93d5096fb

Analysis

max time kernel
31s
max time network
45s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
03-12-2022 16:52

Target

97913b0cb347c72f8c74d6edf1a7ff7fe03d25774e74ded4ed89c8b93d5096fb.dll
Size

73KB
MD5

5a33c0acce59da83b86014aeeb969b22
SHA1

63675e6fcf07b1a10ccf6eb05c5475ecb38ad51f
SHA256

97913b0cb347c72f8c74d6edf1a7ff7fe03d25774e74ded4ed89c8b93d5096fb
SHA512

1e4e9cf44736ebef2497dd93aa0c89732fbf9ce52fb908d5107f16cae860362e188c2afb0c46058319c8a12e66acba8f87d29ea750aae780dfefb22dfd7e7846
SSDEEP

1536:soa1lMWiUxVDKF04vqPJwq0c4FiojfK6wyeL7osQ3GrhYIgiT49gfLDZ:SMWiU+nqPyCtojCPHdrh1giT4mR

Score

8^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/2044-56-0x0000000010000000-0x000000001000E000-memory.dmp	upx

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1076 wrote to memory of 2044	1076	rundll32.exe	26
PID 1076 wrote to memory of 2044	1076	rundll32.exe	26
PID 1076 wrote to memory of 2044	1076	rundll32.exe	26
PID 1076 wrote to memory of 2044	1076	rundll32.exe	26
PID 1076 wrote to memory of 2044	1076	rundll32.exe	26
PID 1076 wrote to memory of 2044	1076	rundll32.exe	26
PID 1076 wrote to memory of 2044	1076	rundll32.exe	26

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\97913b0cb347c72f8c74d6edf1a7ff7fe03d25774e74ded4ed89c8b93d5096fb.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1076
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\97913b0cb347c72f8c74d6edf1a7ff7fe03d25774e74ded4ed89c8b93d5096fb.dll,#1
  2⤵
  PID:2044

memory/2044-54-0x0000000000000000-mapping.dmp

Download
memory/2044-55-0x0000000076681000-0x0000000076683000-memory.dmp

Filesize
8KB

Download
memory/2044-56-0x0000000010000000-0x000000001000E000-memory.dmp

Filesize
56KB

Download