9449d6479529e977440e5cea5cf891253dc7e9989fec9638634741b357d08be5

Analysis

max time kernel
40s
max time network
47s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
04/12/2022, 01:21

Target

9449d6479529e977440e5cea5cf891253dc7e9989fec9638634741b357d08be5.dll
Size

18KB
MD5

ff5cd202fa5aad4874d1580aa206cd64
SHA1

ff05bb0bbdd519cd9230b6e10f594e26c348794c
SHA256

9449d6479529e977440e5cea5cf891253dc7e9989fec9638634741b357d08be5
SHA512

5b2cd27509dc5bdecab90371b08221c278534b06b13a1bd5d5f19c6b6fe5bc962745450b979ea9bafb1e64c45b0edf9e2b477ba178276dc51e5a4822be95b0b6
SSDEEP

384:8hDfZAzc75IbKtiMckJ4+8ih8/c1OaMRSBa9cbiwHu:8lCc7y4tJ4+lhYcs4Bwc2x

Score

8^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/872-56-0x0000000010000000-0x0000000010011000-memory.dmp	upx

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 108 wrote to memory of 872	108	rundll32.exe	27
PID 108 wrote to memory of 872	108	rundll32.exe	27
PID 108 wrote to memory of 872	108	rundll32.exe	27
PID 108 wrote to memory of 872	108	rundll32.exe	27
PID 108 wrote to memory of 872	108	rundll32.exe	27
PID 108 wrote to memory of 872	108	rundll32.exe	27
PID 108 wrote to memory of 872	108	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\9449d6479529e977440e5cea5cf891253dc7e9989fec9638634741b357d08be5.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:108
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\9449d6479529e977440e5cea5cf891253dc7e9989fec9638634741b357d08be5.dll,#1
  2⤵
  PID:872

memory/872-55-0x0000000075B41000-0x0000000075B43000-memory.dmp

Filesize
8KB

Download
memory/872-56-0x0000000010000000-0x0000000010011000-memory.dmp

Filesize
68KB

Download