8147957f8245f678fa8f88e7032db34668909b707fd858c4f97c5c205270032d

Analysis

max time kernel
31s
max time network
34s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
15/06/2023, 05:16

Target

8147957f8245f678fa8f88e7032db34668909b707fd858c4f97c5c205270032d.dll
Size

616KB
MD5

4507e7cdd2ef00ecf46cacde74001808
SHA1

f339e93d245d4894929df6c93f88bd9d5a585442
SHA256

8147957f8245f678fa8f88e7032db34668909b707fd858c4f97c5c205270032d
SHA512

1dc016edaf385fbf8fe3747f7190c69498825bfd3c0ac027cc85e942a80dacc9cf1be5d9e43c363a4ee15bb312064383682be3e26884b38b5ad13e6ba25b8681
SSDEEP

12288:OsgWBeVXws+hShaO06ALkDj/6p46NRWpLyycdenfRL8BGDh7nMYRTQ0aHa:Oye2s++rIIDj/SLN8NHpoBGlonZ6

Score

7^/10

upx

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/1288-54-0x0000000010000000-0x00000000101C2000-memory.dmp	upx
behavioral1/memory/1288-55-0x0000000010000000-0x00000000101C2000-memory.dmp	upx

Drops file in System32 directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\SDL2_data.dat	rundll32.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1288	rundll32.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1208 wrote to memory of 1288	1208	rundll32.exe	28
PID 1208 wrote to memory of 1288	1208	rundll32.exe	28
PID 1208 wrote to memory of 1288	1208	rundll32.exe	28
PID 1208 wrote to memory of 1288	1208	rundll32.exe	28
PID 1208 wrote to memory of 1288	1208	rundll32.exe	28
PID 1208 wrote to memory of 1288	1208	rundll32.exe	28
PID 1208 wrote to memory of 1288	1208	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\8147957f8245f678fa8f88e7032db34668909b707fd858c4f97c5c205270032d.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1208
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\8147957f8245f678fa8f88e7032db34668909b707fd858c4f97c5c205270032d.dll,#1
  2⤵
  - Drops file in System32 directory
  - Suspicious use of SetWindowsHookEx
  PID:1288

memory/1288-54-0x0000000010000000-0x00000000101C2000-memory.dmp

Filesize
1.8MB

Download
memory/1288-55-0x0000000010000000-0x00000000101C2000-memory.dmp

Filesize
1.8MB

Download