c6ba44af70cc7af3edbb47bf28114bfccd21aa83cb65a033831d91d857a0cc93

Analysis

max time kernel
9s
max time network
52s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
05-12-2022 06:18

Target

c6ba44af70cc7af3edbb47bf28114bfccd21aa83cb65a033831d91d857a0cc93.dll
Size

62KB
MD5

b3ae737c13fdcfb0ba51ad62e9110950
SHA1

20e6c0f741edf3089ac5eb0b3ac3d9ca2a78470e
SHA256

c6ba44af70cc7af3edbb47bf28114bfccd21aa83cb65a033831d91d857a0cc93
SHA512

0abf799cb757eee3328b506950c4a7a5237641e57ea79bc6a0468f2cbeffa7caeac69c2c0c69f65d0305b7f568ab911ce761f223a9cecd09afc817d922ea81cb
SSDEEP

1536:Fresl3oLo8IfhocEKp/nUCR7p153/j8DZ:PlQahoctUe735b8DZ

Score

8^/10

upx

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/844-56-0x0000000000190000-0x000000000019E000-memory.dmp	upx
behavioral1/memory/844-59-0x0000000000190000-0x000000000019E000-memory.dmp	upx
behavioral1/memory/844-60-0x0000000000190000-0x000000000019E000-memory.dmp	upx

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2040 wrote to memory of 844	2040	rundll32.exe	28
PID 2040 wrote to memory of 844	2040	rundll32.exe	28
PID 2040 wrote to memory of 844	2040	rundll32.exe	28
PID 2040 wrote to memory of 844	2040	rundll32.exe	28
PID 2040 wrote to memory of 844	2040	rundll32.exe	28
PID 2040 wrote to memory of 844	2040	rundll32.exe	28
PID 2040 wrote to memory of 844	2040	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\c6ba44af70cc7af3edbb47bf28114bfccd21aa83cb65a033831d91d857a0cc93.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2040
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\c6ba44af70cc7af3edbb47bf28114bfccd21aa83cb65a033831d91d857a0cc93.dll,#1
  2⤵
  PID:844

memory/844-54-0x0000000000000000-mapping.dmp

Download
memory/844-55-0x00000000762F1000-0x00000000762F3000-memory.dmp

Filesize
8KB

Download
memory/844-56-0x0000000000190000-0x000000000019E000-memory.dmp

Filesize
56KB

Download
memory/844-59-0x0000000000190000-0x000000000019E000-memory.dmp

Filesize
56KB

Download
memory/844-60-0x0000000000190000-0x000000000019E000-memory.dmp

Filesize
56KB

Download
memory/844-62-0x0000000000197000-0x000000000019D000-memory.dmp

Filesize
24KB

Download
memory/844-61-0x0000000000180000-0x0000000000186000-memory.dmp

Filesize
24KB

Download
memory/844-63-0x0000000000191000-0x0000000000197000-memory.dmp

Filesize
24KB

Download