Analysis
-
max time kernel
27s -
max time network
31s -
platform
windows7_x64 -
resource
win7-20230220-en -
resource tags
-
submitted
01-03-2023 04:55
General
-
Target
64534ddc726bbe275a4c36423b8ad4fd3d9ffa43510ba1ed2a2324a4f51931dc.dll
-
Size
392KB
-
MD5
36959f6c0d0ec1c2530e44757835f85f
-
SHA1
62315ceee75c18046d8fdddb04a237fb53bb269c
-
SHA256
64534ddc726bbe275a4c36423b8ad4fd3d9ffa43510ba1ed2a2324a4f51931dc
-
SHA512
ae140fd617726fb4af386698be97258c3d795983660b50abc8a6bfe445c12582fd46c75a59606557ec1bfe598bf474cc2e37698dab1cb7ea5033d0f80ecfdb0c
-
SSDEEP
6144:+fxf2hROOYmRDLRR5rhZFQGrsUwF7vlPoSPeCaQYnKYhXoS:+fxf2hROSRDLR5nWFpPoSNKK2XoS
Score
7/10
Malware Config
Signatures
-
UPX packed file 24 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of SetWindowsHookEx 1 IoCs
-
Suspicious use of WriteProcessMemory 7 IoCs
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\64534ddc726bbe275a4c36423b8ad4fd3d9ffa43510ba1ed2a2324a4f51931dc.dll,#11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\64534ddc726bbe275a4c36423b8ad4fd3d9ffa43510ba1ed2a2324a4f51931dc.dll,#12⤵
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/1636-63-0x0000000000390000-0x00000000003CE000-memory.dmpFilesize
248KB
-
memory/1636-64-0x0000000000390000-0x00000000003CE000-memory.dmpFilesize
248KB
-
memory/1636-65-0x0000000000390000-0x00000000003CE000-memory.dmpFilesize
248KB
-
memory/1636-67-0x0000000000390000-0x00000000003CE000-memory.dmpFilesize
248KB
-
memory/1636-69-0x0000000000390000-0x00000000003CE000-memory.dmpFilesize
248KB
-
memory/1636-71-0x0000000000390000-0x00000000003CE000-memory.dmpFilesize
248KB
-
memory/1636-73-0x0000000000390000-0x00000000003CE000-memory.dmpFilesize
248KB
-
memory/1636-75-0x0000000000390000-0x00000000003CE000-memory.dmpFilesize
248KB
-
memory/1636-77-0x0000000000390000-0x00000000003CE000-memory.dmpFilesize
248KB
-
memory/1636-79-0x0000000000390000-0x00000000003CE000-memory.dmpFilesize
248KB
-
memory/1636-81-0x0000000000390000-0x00000000003CE000-memory.dmpFilesize
248KB
-
memory/1636-83-0x0000000000390000-0x00000000003CE000-memory.dmpFilesize
248KB
-
memory/1636-85-0x0000000000390000-0x00000000003CE000-memory.dmpFilesize
248KB
-
memory/1636-87-0x0000000000390000-0x00000000003CE000-memory.dmpFilesize
248KB
-
memory/1636-89-0x0000000000390000-0x00000000003CE000-memory.dmpFilesize
248KB
-
memory/1636-91-0x0000000000390000-0x00000000003CE000-memory.dmpFilesize
248KB
-
memory/1636-93-0x0000000000390000-0x00000000003CE000-memory.dmpFilesize
248KB
-
memory/1636-95-0x0000000000390000-0x00000000003CE000-memory.dmpFilesize
248KB
-
memory/1636-97-0x0000000000390000-0x00000000003CE000-memory.dmpFilesize
248KB
-
memory/1636-99-0x0000000000390000-0x00000000003CE000-memory.dmpFilesize
248KB
-
memory/1636-101-0x0000000000390000-0x00000000003CE000-memory.dmpFilesize
248KB
-
memory/1636-103-0x0000000000390000-0x00000000003CE000-memory.dmpFilesize
248KB
-
memory/1636-105-0x0000000000390000-0x00000000003CE000-memory.dmpFilesize
248KB
-
memory/1636-106-0x0000000000390000-0x00000000003CE000-memory.dmpFilesize
248KB