7bbfe91a6c1e1aa509f9c252dbc2674de2e5c0b38bebce22af87bcf0806c2df2

Analysis

max time kernel
161s
max time network
165s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
11-10-2023 15:49

Target

7bbfe91a6c1e1aa509f9c252dbc2674de2e5c0b38bebce22af87bcf0806c2df2.dll
Size

2.6MB
MD5

67cdefc3b9032805b76ebda1cecd7980
SHA1

240224b5ab97128de1be3aebc59d1d457fac4c6e
SHA256

7bbfe91a6c1e1aa509f9c252dbc2674de2e5c0b38bebce22af87bcf0806c2df2
SHA512

490f1388d14b9b6b8502c4ee546bed6001f2f8e912522e1a5c399e22fe5216e1f61b8e636006d5a3b732b88e3eabeba7f475f040ee87700312fa7a61766cf4d0
SSDEEP

49152:iClxW0Vihxp14gOLJM/euUY+ULj9e2Z+qD6GMFgP73fyFr+frHcj/eN5AaJULV:zl2hP6TXuUY+UP91Zyq73fK+TcjEkLV

Score

7^/10

upx

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/1184-0-0x0000000002D40000-0x000000000420C000-memory.dmp	upx
behavioral2/memory/1184-1-0x0000000002D40000-0x000000000420C000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3104 wrote to memory of 1184	3104	rundll32.exe	85
PID 3104 wrote to memory of 1184	3104	rundll32.exe	85
PID 3104 wrote to memory of 1184	3104	rundll32.exe	85

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\7bbfe91a6c1e1aa509f9c252dbc2674de2e5c0b38bebce22af87bcf0806c2df2.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3104
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\7bbfe91a6c1e1aa509f9c252dbc2674de2e5c0b38bebce22af87bcf0806c2df2.dll,#1
  2⤵
  PID:1184

memory/1184-0-0x0000000002D40000-0x000000000420C000-memory.dmp

Filesize
20.8MB

Download
memory/1184-1-0x0000000002D40000-0x000000000420C000-memory.dmp

Filesize
20.8MB

Download
memory/1184-2-0x0000000002D40000-0x000000000420C000-memory.dmp

Filesize
20.8MB

Download