7637acbf9aeacf520b1005732c8859bd0914b934d0b16eb7c9ba9113b55425e1

Analysis

max time kernel
137s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
03/12/2022, 18:33

Target

7637acbf9aeacf520b1005732c8859bd0914b934d0b16eb7c9ba9113b55425e1.dll
Size

355KB
MD5

ec22345897bda1b789033b8e6d3c70e8
SHA1

1caf0d4ca91805568de87ccdacba5cad2b3469f1
SHA256

7637acbf9aeacf520b1005732c8859bd0914b934d0b16eb7c9ba9113b55425e1
SHA512

7f9d9f3907c0df142392a2af28dfd56edf4020824ac10988382a074760357e8a18725a8152081e5c883d8a15bde74d7bad249be7c44f86d13ead633ac39f9cb9
SSDEEP

6144:crCO0lXWYiXsw7ZZJRagDic7BI6b7PTvJwNhhcq4mL37RgTk3nCV/+79HV7CCbg2:XO0lXWi6ZXRHictecYRgA3nCVm79YR3

Score

8^/10

upx

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/1036-133-0x0000000075450000-0x0000000075548000-memory.dmp	upx
behavioral2/memory/1036-135-0x0000000075450000-0x0000000075548000-memory.dmp	upx
behavioral2/memory/1036-136-0x0000000075450000-0x0000000075548000-memory.dmp	upx

Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs

pid	Process
1036	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3528 wrote to memory of 1036	3528	rundll32.exe	80
PID 3528 wrote to memory of 1036	3528	rundll32.exe	80
PID 3528 wrote to memory of 1036	3528	rundll32.exe	80

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\7637acbf9aeacf520b1005732c8859bd0914b934d0b16eb7c9ba9113b55425e1.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3528
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\7637acbf9aeacf520b1005732c8859bd0914b934d0b16eb7c9ba9113b55425e1.dll,#1
  2⤵
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  PID:1036

memory/1036-133-0x0000000075450000-0x0000000075548000-memory.dmp

Filesize
992KB

Download
memory/1036-135-0x0000000075450000-0x0000000075548000-memory.dmp

Filesize
992KB

Download
memory/1036-136-0x0000000075450000-0x0000000075548000-memory.dmp

Filesize
992KB

Download