5ff93e47742d85a8a742588c1a5558b1f9b0b4078ee78441c72ca3484e17f551

Analysis

max time kernel
23s
max time network
45s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
05-12-2022 14:11

Target

5ff93e47742d85a8a742588c1a5558b1f9b0b4078ee78441c72ca3484e17f551.dll
Size

18KB
MD5

f9e76ebccc0473bfb77bce5b487f3290
SHA1

7933126f471fc86a89bc68d5d55d8cfee1c7a7ca
SHA256

5ff93e47742d85a8a742588c1a5558b1f9b0b4078ee78441c72ca3484e17f551
SHA512

b5edd1dac52da7a1ba2ca00a96140cd02173c32dad0bf940e774bcd3e09e39f70ce7cc9c59ea7fd1886a4a7a7b4fceb264b542097fa4848af1ca45d2928f1b7b
SSDEEP

384:RrbJ6dHMbhWpHWwn6YWBZyQQwv2vmmnmIWrZPS7:RrsNMJFYgXDv2lnmIWs7

Score

8^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/536-56-0x0000000014960000-0x0000000014978000-memory.dmp	upx

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1780 wrote to memory of 536	1780	rundll32.exe	28
PID 1780 wrote to memory of 536	1780	rundll32.exe	28
PID 1780 wrote to memory of 536	1780	rundll32.exe	28
PID 1780 wrote to memory of 536	1780	rundll32.exe	28
PID 1780 wrote to memory of 536	1780	rundll32.exe	28
PID 1780 wrote to memory of 536	1780	rundll32.exe	28
PID 1780 wrote to memory of 536	1780	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\5ff93e47742d85a8a742588c1a5558b1f9b0b4078ee78441c72ca3484e17f551.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1780
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\5ff93e47742d85a8a742588c1a5558b1f9b0b4078ee78441c72ca3484e17f551.dll,#1
  2⤵
  PID:536

memory/536-55-0x0000000074D61000-0x0000000074D63000-memory.dmp

Filesize
8KB

Download
memory/536-56-0x0000000014960000-0x0000000014978000-memory.dmp

Filesize
96KB

Download