a258b6854fe7c046ea73d621b7f94f6cba45ce65903af7b2da2fd88e12ade1df

Analysis

max time kernel
41s
max time network
45s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
05/12/2022, 10:26

Target

a258b6854fe7c046ea73d621b7f94f6cba45ce65903af7b2da2fd88e12ade1df.dll
Size

12KB
MD5

63ed5a54d18e6ee2b5f949b8aa1c6c95
SHA1

4708cbe58585fc39d568cf14b58d5b81fd622cae
SHA256

a258b6854fe7c046ea73d621b7f94f6cba45ce65903af7b2da2fd88e12ade1df
SHA512

abdbc9a967257f33cd3e918ef292575c060678c5738a9d2db0d29b48c1f67c3234537ecb4bf123d37fadc2cc7e3bb52d4d8d4baaabcbd652ef3286308bcc65f3
SSDEEP

192:I1aNurukmWhqkpi5aaf+yGRCZb0EUkKR89APA6jJSvcxpY2Lj89TUya4FjYW8W:IAsykvq5DJlb0EfNWPLjJciYijSwytu0

Score

8^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/1168-56-0x0000000010000000-0x000000001000B000-memory.dmp	upx

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1832 wrote to memory of 1168	1832	rundll32.exe	27
PID 1832 wrote to memory of 1168	1832	rundll32.exe	27
PID 1832 wrote to memory of 1168	1832	rundll32.exe	27
PID 1832 wrote to memory of 1168	1832	rundll32.exe	27
PID 1832 wrote to memory of 1168	1832	rundll32.exe	27
PID 1832 wrote to memory of 1168	1832	rundll32.exe	27
PID 1832 wrote to memory of 1168	1832	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\a258b6854fe7c046ea73d621b7f94f6cba45ce65903af7b2da2fd88e12ade1df.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1832
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\a258b6854fe7c046ea73d621b7f94f6cba45ce65903af7b2da2fd88e12ade1df.dll,#1
  2⤵
  PID:1168

memory/1168-55-0x0000000076401000-0x0000000076403000-memory.dmp

Filesize
8KB

Download
memory/1168-56-0x0000000010000000-0x000000001000B000-memory.dmp

Filesize
44KB

Download