f334c443791705443c9ab486d012b136b987caaa51d1bb41a698d8ec3c60ca04

Analysis

max time kernel
42s
max time network
47s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
04/12/2022, 09:36

Target

f334c443791705443c9ab486d012b136b987caaa51d1bb41a698d8ec3c60ca04.dll
Size

26KB
MD5

b72f88b9aaa93f1e77e96bf326b87290
SHA1

53283a355b8106e8ca6c372168a604260d7815b2
SHA256

f334c443791705443c9ab486d012b136b987caaa51d1bb41a698d8ec3c60ca04
SHA512

922843767785b7c13d373ae5a06a91b458659f1c25986490c16074dcc5b93b5c981ad1f41f8bcddc9227ff504645b4907f03eadf4437032dfb5942b32b8146cc
SSDEEP

768:tn9opvGMutW+7Qta+dK+5DUod7COE9tzf/6:tngeW+ctaSK+5wtOkb6

Score

8^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/872-57-0x0000000074F40000-0x0000000074F55000-memory.dmp	upx

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 108 wrote to memory of 872	108	rundll32.exe	27
PID 108 wrote to memory of 872	108	rundll32.exe	27
PID 108 wrote to memory of 872	108	rundll32.exe	27
PID 108 wrote to memory of 872	108	rundll32.exe	27
PID 108 wrote to memory of 872	108	rundll32.exe	27
PID 108 wrote to memory of 872	108	rundll32.exe	27
PID 108 wrote to memory of 872	108	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\f334c443791705443c9ab486d012b136b987caaa51d1bb41a698d8ec3c60ca04.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:108
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\f334c443791705443c9ab486d012b136b987caaa51d1bb41a698d8ec3c60ca04.dll,#1
  2⤵
  PID:872

memory/872-55-0x0000000075B41000-0x0000000075B43000-memory.dmp

Filesize
8KB

Download
memory/872-56-0x0000000074F60000-0x0000000074F73000-memory.dmp

Filesize
76KB

Download
memory/872-57-0x0000000074F40000-0x0000000074F55000-memory.dmp

Filesize
84KB

Download