ebb4667d58082c5da5d564c90b1c3765469609152e75bdcc89b1a33e812eaac2

Analysis

max time kernel
14s
max time network
34s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
05/12/2022, 18:24

Target

ebb4667d58082c5da5d564c90b1c3765469609152e75bdcc89b1a33e812eaac2.dll
Size

208KB
MD5

099e73bd7633662bff63cc19f0e14090
SHA1

87f3056b2942d5f9ee05190ca41a3b711ea0bab8
SHA256

ebb4667d58082c5da5d564c90b1c3765469609152e75bdcc89b1a33e812eaac2
SHA512

1095ecc50aee49e0915475cad1349477ef322718a5c8692bcd8b9ecec79df49a632e34ea6abe72317f28f966fcfe3fbef99dbe2ec2eb14fb5f4aa7df82cb3bce
SSDEEP

3072:8ZhZbEXfZ0bN9Na7G8T9lOcBYdRsGqB0Z/0KcoCE9:8PVI8bNJ8T9lOcqdtqBh

Score

8^/10

upx

UPX packed file 5 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/1736-56-0x00000000001A0000-0x00000000001AD000-memory.dmp	upx
behavioral1/memory/1736-60-0x00000000001A0000-0x00000000001AD000-memory.dmp	upx
behavioral1/memory/1736-59-0x00000000001A0000-0x00000000001AD000-memory.dmp	upx
behavioral1/memory/1736-61-0x00000000001A0000-0x00000000001B0000-memory.dmp	upx
behavioral1/memory/1736-65-0x00000000001A0000-0x00000000001AD000-memory.dmp	upx

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1268 wrote to memory of 1736	1268	rundll32.exe	28
PID 1268 wrote to memory of 1736	1268	rundll32.exe	28
PID 1268 wrote to memory of 1736	1268	rundll32.exe	28
PID 1268 wrote to memory of 1736	1268	rundll32.exe	28
PID 1268 wrote to memory of 1736	1268	rundll32.exe	28
PID 1268 wrote to memory of 1736	1268	rundll32.exe	28
PID 1268 wrote to memory of 1736	1268	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ebb4667d58082c5da5d564c90b1c3765469609152e75bdcc89b1a33e812eaac2.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1268
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\ebb4667d58082c5da5d564c90b1c3765469609152e75bdcc89b1a33e812eaac2.dll,#1
  2⤵
  PID:1736

memory/1736-55-0x0000000076531000-0x0000000076533000-memory.dmp

Filesize
8KB

Download
memory/1736-56-0x00000000001A0000-0x00000000001AD000-memory.dmp

Filesize
52KB

Download
memory/1736-60-0x00000000001A0000-0x00000000001AD000-memory.dmp

Filesize
52KB

Download
memory/1736-59-0x00000000001A0000-0x00000000001AD000-memory.dmp

Filesize
52KB

Download
memory/1736-61-0x00000000001A0000-0x00000000001B0000-memory.dmp

Filesize
64KB

Download
memory/1736-62-0x00000000001B0000-0x00000000001B6000-memory.dmp

Filesize
24KB

Download
memory/1736-63-0x00000000001A6000-0x00000000001AC000-memory.dmp

Filesize
24KB

Download
memory/1736-64-0x00000000001A1000-0x00000000001A6000-memory.dmp

Filesize
20KB

Download
memory/1736-65-0x00000000001A0000-0x00000000001AD000-memory.dmp

Filesize
52KB

Download