029731e3ec498e588fa4f72f49010369c9655c5e40f98d5a5894e6e074f5288f

Analysis

max time kernel
141s
max time network
123s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
14/10/2023, 01:02

Target

029731e3ec498e588fa4f72f49010369c9655c5e40f98d5a5894e6e074f5288f.dll
Size

28KB
MD5

d327ffee33d774ee36ba77460c210837
SHA1

e989240499bdd40d573b767c73b84a7a22f38f56
SHA256

029731e3ec498e588fa4f72f49010369c9655c5e40f98d5a5894e6e074f5288f
SHA512

52292ca99b80f1d1d45c5f587c02c4ed764b9acfc71a0c9b8daecfda868e19856b9c93a69a3a5a6bd483e13211e14faf6f5ddb2cf011e57208f42da6aa44094f
SSDEEP

768:hCvDjm2I+uwhm7kc9YejJW/XNJiUQU/sz3onbcuyD7UHa:ajm2ITIYkyW/dJibU/Nnouy86

Score

7^/10

upx

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/2240-0-0x0000000075570000-0x000000007558A000-memory.dmp	upx
behavioral1/memory/2240-2-0x0000000075550000-0x000000007556A000-memory.dmp	upx
behavioral1/memory/2240-4-0x0000000075550000-0x000000007556A000-memory.dmp	upx

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1076 wrote to memory of 2240	1076	rundll32.exe	28
PID 1076 wrote to memory of 2240	1076	rundll32.exe	28
PID 1076 wrote to memory of 2240	1076	rundll32.exe	28
PID 1076 wrote to memory of 2240	1076	rundll32.exe	28
PID 1076 wrote to memory of 2240	1076	rundll32.exe	28
PID 1076 wrote to memory of 2240	1076	rundll32.exe	28
PID 1076 wrote to memory of 2240	1076	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\029731e3ec498e588fa4f72f49010369c9655c5e40f98d5a5894e6e074f5288f.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1076
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\029731e3ec498e588fa4f72f49010369c9655c5e40f98d5a5894e6e074f5288f.dll,#1
  2⤵
  PID:2240

memory/2240-0-0x0000000075570000-0x000000007558A000-memory.dmp

Filesize
104KB

Download
memory/2240-1-0x0000000075570000-0x000000007558A000-memory.dmp

Filesize
104KB

Download
memory/2240-2-0x0000000075550000-0x000000007556A000-memory.dmp

Filesize
104KB

Download
memory/2240-3-0x0000000075570000-0x000000007558A000-memory.dmp

Filesize
104KB

Download
memory/2240-4-0x0000000075550000-0x000000007556A000-memory.dmp

Filesize
104KB

Download