8c6fee9cddbb1b2231832796a206f2960d6259fd2e2aa9adc2569bad0ecde067

Analysis

max time kernel
42s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
05/12/2022, 12:56

Target

8c6fee9cddbb1b2231832796a206f2960d6259fd2e2aa9adc2569bad0ecde067.dll
Size

96KB
MD5

67e1f4480a1154c054f3ec8c8f250820
SHA1

24af03a1a46aac8d1f9b00008f4e2c7702d2cdb1
SHA256

8c6fee9cddbb1b2231832796a206f2960d6259fd2e2aa9adc2569bad0ecde067
SHA512

8d405c206ff3eec7f9ee7e1b8d1620b1295537dbc7e86f717fa736ef9c0ca47e06617469c7668be887f0d70e38c4486305e17b42030242298e7d1304be28316e
SSDEEP

1536:jB7EgYTbYQrlQd9qBIxrztLikOloMG4dUVZIHZyOcsTXBvGCY6:ttKrlQd4BI5hLiZlof4SZ6Y+R

Score

8^/10

upx

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/872-56-0x0000000000110000-0x000000000011E000-memory.dmp	upx
behavioral1/memory/872-60-0x0000000000110000-0x000000000011E000-memory.dmp	upx
behavioral1/memory/872-59-0x0000000000110000-0x000000000011E000-memory.dmp	upx

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 108 wrote to memory of 872	108	rundll32.exe	27
PID 108 wrote to memory of 872	108	rundll32.exe	27
PID 108 wrote to memory of 872	108	rundll32.exe	27
PID 108 wrote to memory of 872	108	rundll32.exe	27
PID 108 wrote to memory of 872	108	rundll32.exe	27
PID 108 wrote to memory of 872	108	rundll32.exe	27
PID 108 wrote to memory of 872	108	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\8c6fee9cddbb1b2231832796a206f2960d6259fd2e2aa9adc2569bad0ecde067.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:108
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\8c6fee9cddbb1b2231832796a206f2960d6259fd2e2aa9adc2569bad0ecde067.dll,#1
  2⤵
  PID:872

memory/872-55-0x0000000075B41000-0x0000000075B43000-memory.dmp

Filesize
8KB

Download
memory/872-56-0x0000000000110000-0x000000000011E000-memory.dmp

Filesize
56KB

Download
memory/872-60-0x0000000000110000-0x000000000011E000-memory.dmp

Filesize
56KB

Download
memory/872-59-0x0000000000110000-0x000000000011E000-memory.dmp

Filesize
56KB

Download
memory/872-61-0x0000000000117000-0x000000000011D000-memory.dmp

Filesize
24KB

Download
memory/872-62-0x0000000000111000-0x0000000000117000-memory.dmp

Filesize
24KB

Download