3c70b85a09de42ced418cda8991e4a939cc27fe5daf578790ef031214539d574

Analysis

max time kernel
2s
max time network
33s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
05/12/2022, 12:02

Target

3c70b85a09de42ced418cda8991e4a939cc27fe5daf578790ef031214539d574.dll
Size

16KB
MD5

6777f022df32d4c3d86254de9dd15370
SHA1

a29477361d94e2785fd8aa41cd8e3b1db8d37901
SHA256

3c70b85a09de42ced418cda8991e4a939cc27fe5daf578790ef031214539d574
SHA512

6538a5df3b8d7873cd3a78e3be2ba27238780807e8b75e599ecbec2b0f0f26508a4dc1e60bfaaa1c8a723156e626f3c8926e2c8bff6e9f87e625aefae84d0e4a
SSDEEP

384:Eg/9m7f9OzuPlMco4F5hAK8gAEOK4/vGzpSApH:KfAzBco0TAK8dEVSvGzzN

Score

8^/10

upx

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/1116-56-0x0000000010000000-0x000000001000F000-memory.dmp	upx
behavioral1/memory/1116-57-0x0000000010000000-0x000000001000F000-memory.dmp	upx

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1792 wrote to memory of 1116	1792	rundll32.exe	28
PID 1792 wrote to memory of 1116	1792	rundll32.exe	28
PID 1792 wrote to memory of 1116	1792	rundll32.exe	28
PID 1792 wrote to memory of 1116	1792	rundll32.exe	28
PID 1792 wrote to memory of 1116	1792	rundll32.exe	28
PID 1792 wrote to memory of 1116	1792	rundll32.exe	28
PID 1792 wrote to memory of 1116	1792	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3c70b85a09de42ced418cda8991e4a939cc27fe5daf578790ef031214539d574.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1792
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\3c70b85a09de42ced418cda8991e4a939cc27fe5daf578790ef031214539d574.dll,#1
  2⤵
  PID:1116

memory/1116-55-0x0000000076381000-0x0000000076383000-memory.dmp

Filesize
8KB

Download
memory/1116-56-0x0000000010000000-0x000000001000F000-memory.dmp

Filesize
60KB

Download
memory/1116-57-0x0000000010000000-0x000000001000F000-memory.dmp

Filesize
60KB

Download