b73267b58a5e778a0e5b54785af5ac633e6966a83cbcb48705bab42156951872

Analysis

max time kernel
92s
max time network
34s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
06/12/2022, 21:36

Target

b73267b58a5e778a0e5b54785af5ac633e6966a83cbcb48705bab42156951872.dll
Size

327KB
MD5

3abadeec500da846bcf4c9564fbf5e00
SHA1

f74b20ecf357c355b85f22ac865aa4a76f1533cb
SHA256

b73267b58a5e778a0e5b54785af5ac633e6966a83cbcb48705bab42156951872
SHA512

a0cce233cb29197118168f67e69316b8306264454a51ae003fca1797b0e398693a47ba48974848ac928b32d3bbb5b2de9ea7f2b4e8861b4d431be324c7127aa5
SSDEEP

3072:+4XA3u+0uwCgiWLdiSh8SH62v5U2gQceEp:+4Xe4ibYdr2d2vCOe

Score

8^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/1792-56-0x0000000010000000-0x0000000010054000-memory.dmp	upx

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 468 wrote to memory of 1792	468	rundll32.exe	28
PID 468 wrote to memory of 1792	468	rundll32.exe	28
PID 468 wrote to memory of 1792	468	rundll32.exe	28
PID 468 wrote to memory of 1792	468	rundll32.exe	28
PID 468 wrote to memory of 1792	468	rundll32.exe	28
PID 468 wrote to memory of 1792	468	rundll32.exe	28
PID 468 wrote to memory of 1792	468	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\b73267b58a5e778a0e5b54785af5ac633e6966a83cbcb48705bab42156951872.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:468
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\b73267b58a5e778a0e5b54785af5ac633e6966a83cbcb48705bab42156951872.dll,#1
  2⤵
  PID:1792

memory/1792-55-0x0000000074ED1000-0x0000000074ED3000-memory.dmp

Filesize
8KB

Download
memory/1792-56-0x0000000010000000-0x0000000010054000-memory.dmp

Filesize
336KB

Download