5ee5e4abacee54c4dfc59676a86d90c2fd06b024b587ac71289e874d799b2d8f

Analysis

max time kernel
19s
max time network
32s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
04-12-2022 00:39

Target

5ee5e4abacee54c4dfc59676a86d90c2fd06b024b587ac71289e874d799b2d8f.dll
Size

66KB
MD5

7dd3fe2fcc65b2b76dd8d66e49531791
SHA1

229451f64808d8fbd5cb28b414d9982acaf67371
SHA256

5ee5e4abacee54c4dfc59676a86d90c2fd06b024b587ac71289e874d799b2d8f
SHA512

7eb891aa6285d2fab74c35360ea71322d4233c937e3b94279623d7d323f7701d23d0880ded5866e36a67d000424228b27c98a41a1e0bf61edfee71332f4e35db
SSDEEP

1536:EGa66I8pjm0qtLaZfI/8N/kuFLNh5a4a/Yb:EGa66Pj/qtwy8N3LNh5Co

Score

8^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/1216-56-0x0000000010000000-0x000000001000D000-memory.dmp	upx

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2024 wrote to memory of 1216	2024	rundll32.exe	28
PID 2024 wrote to memory of 1216	2024	rundll32.exe	28
PID 2024 wrote to memory of 1216	2024	rundll32.exe	28
PID 2024 wrote to memory of 1216	2024	rundll32.exe	28
PID 2024 wrote to memory of 1216	2024	rundll32.exe	28
PID 2024 wrote to memory of 1216	2024	rundll32.exe	28
PID 2024 wrote to memory of 1216	2024	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\5ee5e4abacee54c4dfc59676a86d90c2fd06b024b587ac71289e874d799b2d8f.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2024
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\5ee5e4abacee54c4dfc59676a86d90c2fd06b024b587ac71289e874d799b2d8f.dll,#1
  2⤵
  PID:1216

memory/1216-55-0x0000000075881000-0x0000000075883000-memory.dmp

Filesize
8KB

Download
memory/1216-56-0x0000000010000000-0x000000001000D000-memory.dmp

Filesize
52KB

Download