d91e27dca6f6a4614f4691ab2643063e9753d9306d5f640cf91144435d1aaa21

Analysis

max time kernel
42s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
04/12/2022, 00:58

Target

d91e27dca6f6a4614f4691ab2643063e9753d9306d5f640cf91144435d1aaa21.dll
Size

16KB
MD5

d97657e464d672e8c6e622d811d0b280
SHA1

773110861e4893c12033741a46b78e020037554b
SHA256

d91e27dca6f6a4614f4691ab2643063e9753d9306d5f640cf91144435d1aaa21
SHA512

c40ae25eaa24e410c22e5b90e1d320412821161f860ff9641afcad3c00f28c1b201fb7a5710475d1bb4d86cf97b4d649e8e20b18e2019cd571b0d3387acbe21c
SSDEEP

384:Eg/9m7f9OzuPlMco4F5hAK8gAEOK4/vGzpSApu:KfAzBco0TAK8dEVSvGzzA

Score

8^/10

upx

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/2044-56-0x0000000010000000-0x000000001000F000-memory.dmp	upx
behavioral1/memory/2044-57-0x0000000010000000-0x000000001000F000-memory.dmp	upx

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1896 wrote to memory of 2044	1896	rundll32.exe	27
PID 1896 wrote to memory of 2044	1896	rundll32.exe	27
PID 1896 wrote to memory of 2044	1896	rundll32.exe	27
PID 1896 wrote to memory of 2044	1896	rundll32.exe	27
PID 1896 wrote to memory of 2044	1896	rundll32.exe	27
PID 1896 wrote to memory of 2044	1896	rundll32.exe	27
PID 1896 wrote to memory of 2044	1896	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\d91e27dca6f6a4614f4691ab2643063e9753d9306d5f640cf91144435d1aaa21.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1896
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\d91e27dca6f6a4614f4691ab2643063e9753d9306d5f640cf91144435d1aaa21.dll,#1
  2⤵
  PID:2044

memory/2044-55-0x0000000076871000-0x0000000076873000-memory.dmp

Filesize
8KB

Download
memory/2044-56-0x0000000010000000-0x000000001000F000-memory.dmp

Filesize
60KB

Download
memory/2044-57-0x0000000010000000-0x000000001000F000-memory.dmp

Filesize
60KB

Download